// GLOSSARY -- SECURITY & COMPLIANCE

What is Phishing Attack?

1 min read Updated

A phishing attack in crypto is a social engineering scam that tricks users into revealing private keys, seed phrases, or signing malicious transactions — the most common attack vector for individual fund loss.

WHY IT MATTERS

Phishing is how most individual crypto losses happen. Techniques include: fake websites that mimic legitimate dApps (Uniswep instead of Uniswap), malicious token approval requests, fake customer support on Discord/Telegram, and airdrop scams that require 'claiming' through a drainer contract.

Wallet drainers are increasingly sophisticated — they present legitimate-looking approval requests that actually grant unlimited token access to the attacker's contract. One wrong signature and all your tokens can be stolen.

Defense: verify URLs manually, never share seed phrases, review all transaction/signing requests carefully, use hardware wallets (verify on device screen), and be skeptical of unsolicited messages.

FREQUENTLY ASKED QUESTIONS

How to identify crypto phishing?
Red flags: unsolicited DMs, urgency/scarcity ('limited time'), requests for seed phrases, URLs that are slightly off (uniswep.org), and too-good-to-be-true airdrops/rewards.
What is a wallet drainer?
A malicious smart contract that, once approved, transfers all tokens from your wallet. Drainers disguise as legitimate dApps and request broad token approvals.
Can hardware wallets prevent phishing?
Partially. Hardware wallets show transaction details on their screen, making it harder to sign blind. But if you approve a malicious contract on the hardware wallet's screen without reading it carefully, you're still vulnerable.

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.