As we recently revealed in our annual Hack3d Report, more than $2.3 billion was stolen across 760 on-chain security incidents in 2024. Nearly half of this value was stolen due to phishing attacks, representing a 31% year-over-year increase.
Given that phishing attacks are on the rise, it’s important for all Web3 participants to learn how to better protect their cryptocurrency. Below, we’ll look at strategies for defending against phishing and the traps to watch out for.
Phishing is no longer limited to suspicious emails. Hackers are now using sophisticated techniques to deceive Web3 users, including:
One way to protect yourself from these types of phishing attacks is to always verify the authenticity of URLs and smart contracts. Use platforms like Etherscan, BscScan, or Solscan to verify the legitimacy of addresses before making any transaction.
Additionally, never approve or validate a transaction that you didn’t initiate, and always double-check before approving the transaction.
If you have any doubts about an authorization you’ve granted, you can use tools like revoke.cash to revoke permissions given to DApps.
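To show what an authorization looks like before you sign it, here is an added example (not code from the original article or from any tool it names) that decodes the calldata of a pending transaction and flags token approvals. It relies on the standard `approve(address,uint256)` and `setApprovalForAll(address,bool)` selectors; the spender address, the sample calldata, and the `known_spenders` parameter are constructed for illustration.

```python
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1

def describe_approval(calldata_hex, known_spenders=()):
    """Decode approval calldata; return a summary dict, or None if it is not an approval."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return None
    # Both functions take exactly two 32-byte ABI words (64 hex characters each).
    if len(args) != 128:
        raise ValueError("approval calldata must carry two 32-byte arguments")
    word1, word2 = int(args[:64], 16), int(args[64:], 16)
    if word1 >> 160:
        raise ValueError("address argument has non-zero padding")
    spender = "0x" + args[24:64]  # an address is the low 20 bytes of the first word
    if selector == APPROVE:
        kind, revokes, unlimited = "approve", word2 == 0, word2 == MAX_UINT256
    else:
        kind, revokes, unlimited = "setApprovalForAll", word2 == 0, word2 != 0
    warnings = []
    if not revokes:  # setting the allowance to zero is how a grant is revoked
        if unlimited:
            warnings.append("grants the spender access to the full balance or collection")
        if spender not in {s.lower() for s in known_spenders}:
            warnings.append("spender is not in your list of verified contracts")
    return {"kind": kind, "spender": spender,
            "amount": word2 if kind == "approve" else None,
            "unlimited": unlimited, "revokes": revokes, "warnings": warnings}

# Constructed sample data (not real contracts or transactions).
SPENDER = "0x" + "11" * 20
PAD = "00" * 12
UNLIMITED_APPROVE = "0x" + APPROVE + PAD + "11" * 20 + "ff" * 32
REVOKE = "0x" + APPROVE + PAD + "11" * 20 + "00" * 32
NFT_APPROVE_ALL = "0x" + SET_APPROVAL_FOR_ALL + PAD + "11" * 20 + "00" * 31 + "01"

if __name__ == "__main__":
    for name, tx in [("unlimited", UNLIMITED_APPROVE), ("revoke", REVOKE),
                     ("nft", NFT_APPROVE_ALL)]:
        print(name, describe_approval(tx))
```

A request that comes back with warnings and that you did not initiate is the kind of transaction to reject; an `approve` with an amount of zero is the form a revocation takes.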
Finally, never click on links sent via private messages, as hackers often employ fake interfaces and fraudulent URLs to trick users. Always check for unsecured or strange URLs, fake SSL certificates, and suspicious links.
A cold wallet is an offline wallet designed to store your private keys in complete isolation and security. It’s a dedicated physical device that allows you to sign transactions without ever exposing your private keys. Unlike hot wallets, a cold wallet remains inaccessible to remote attackers.
The main advantage of a cold wallet is the protection it provides. It’s ideal for long-term storage or keeping assets you don’t use regularly. These features help you avoid reliance on online third parties and significantly reduce the risk of compromise.
However, cold wallets don’t protect you from everything, as securing your crypto requires multiple layers of protection. For example, you can add multi-signature authentication or two-factor authentication (2FA).
Social media platforms enable hackers to target users directly by impersonating well-known figures or creating fake accounts. The most common scams include fake “giveaways” where messages promise a massive return on investment in exchange for an initial amount.
Other tactics involve sending private messages with malicious links or promises of fake partnerships. Scammers often play on urgency, pushing victims to act quickly without thinking.
An additional growing threat is the emergence of fraudulent discussion groups on platforms like Telegram and Discord. These groups mimic official crypto project channels by spreading false information or sharing phishing links.
To protect yourself, disable private messages from those in large shared groups and be wary of unsolicited interactions. Only follow verified accounts and prioritize announcements coming directly from official websites. It’s also advisable never to share screenshots or personal information related to your wallet on social media, as this data can be used to target phishing attacks — or worse, physical attacks.
Tools like Skynet can help you understand the reliability of projects and check whether they have been audited by looking at detailed reports.
The Skynet Quest section guides you through major concepts, such as securing your private keys, choosing a secure exchange, and understanding what a crypto drainer is.
Educating yourself also means learning to spot new fraud trends. To keep up to date on the latest incident alerts and statistics, follow @certikalert on X or read our latest analyses on our blog.