Main Takeaways

  • Binance's risk assessment team has identified an alarming trend: the number of DeFi phishing scams that are draining users' wallets is on the rise.

  • Typically, scammers send victims a phishing link to establish a “secure” connection to the DApp, but this results in users losing their assets.

  • If you are a victim of DeFi phishing, block your wallet and bank accounts, and then report the incident to the competent authorities.

Protect your crypto assets from DeFi phishing. In the next article in the “How to Recognize Fraud” series, we talk about how criminals can gain access to your wallet, as well as how to recognize a scam in practice.

The world of decentralized finance (DeFi) is opening up exciting new prospects for many cryptocurrency users. The ability to use financial services without intermediaries, with just a wallet and some cryptocurrency - isn't that what digital assets were invented for after all? Many crypto enthusiasts believe that this is the next milestone not only for Web3, but for the entire financial industry.

Along with its numerous advantages, DeFi also has disadvantages, primarily related to security. Recently, our risk team has noticed an alarming trend: an increase in the number of phishing scams that leave users without their funds.

What is a phishing attack?

DeFi phishing usually follows a common pattern: attackers trick users into connecting a wallet (usually through WalletConnect) to a malicious decentralized application (DApp). They then gain access to the user's wallet and can initiate transactions.

Next, we will take a closer look at DeFi phishing schemes and tell you how to protect the funds in your wallet. To learn more about cryptocurrency scams, read other articles in the How to Recognize a Scam series.

DeFi phishing in three steps

1. Contact with the victim

Fraudsters use a variety of tactics to lure unsuspecting users into the trap. They may pose as trusted individuals or groups, offering attractive earning opportunities. Attackers often contact victims through social media, instant messengers, or online forums and target users who are looking for earning opportunities or who need help with DeFi products.

Many newcomers to the cryptocurrency space do not have a good understanding of even the basic concepts, let alone the more complex working principles of DeFi tools. Some view cryptocurrency only as an opportunity to make money and are ready to believe anyone who pretends to be an expert. Scammers play on this: they throw around technical terms, often quite incoherently, to impress the victim.

2. Luring the victim into a trap

After gaining the user's attention and trust, the scammers ask the user to complete a series of complex steps to gain access to an exciting "investment opportunity." Along with other instructions, attackers can send a WalletConnect link to establish a connection between the user and the DApp, which at first glance seems secure.

More advanced scammers may even provide a link that resembles a real company's domain—except for a letter or two. Therefore, you should always check the website of the relevant organization before clicking on links.
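The check described above can be automated. The following is an added example, not part of the original article: it compares a link's host against domains the user has verified and flags hosts that differ by a letter or two. The allowlist, function names and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the user has verified and typed in by hand.
TRUSTED = {"binance.com"}

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap adjacent) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent swap, e.g. "biannce" typed for "binance".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def host_of(link):
    """Lower-cased host of a link; the part before '@' is ignored by urlsplit."""
    if "://" not in link:
        link = "https://" + link
    return (urlsplit(link).hostname or "").rstrip(".")

def classify(link, trusted=TRUSTED, max_edits=2):
    """Return 'trusted', 'lookalike' or 'unknown' for the link's host."""
    host = host_of(link)
    labels = host.split(".")
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Punycode labels can render as look-alike letters; send them to manual review.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    site = ".".join(labels[-2:])  # simplification: no public-suffix list
    for t in trusted:
        brand = t.split(".")[0]
        # A near-miss spelling, or the brand used as a label of another domain.
        if edit_distance(site, t) <= max_edits or brand in labels[:-1]:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, not taken from any real incident.
    for link in ("https://www.binance.com/en", "https://binnance.com/connect",
                 "https://biannce.com", "https://binance.com.example.net/wc",
                 "https://example.org"):
        print(f"{classify(link):10} {link}")
```

A "lookalike" or "unknown" result means the link should not be used to connect a wallet until the domain has been checked against the organization's official website.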

3. Cryptocurrency theft

Once the victim clicks on the phishing link and establishes a WalletConnect connection with the “trusted DApp,” the scammers begin sending signature requests to special smart contract protocols. After providing a signature, the user discovers that their funds have disappeared.

A real-life example of DeFi phishing

To illustrate how DeFi phishing works and what it leads to, consider the story of a user we'll call Jack. Jack received a WhatsApp message from a group called Binance UK A18, whose members posed as Binance employees. The scammers claimed to provide professional advice on how to make a profit in the DeFi industry. Intrigued by this possibility, Jack entered into conversation with them.

The attackers sent him detailed instructions and a link to establish a connection to the wallet. As soon as Jack clicked on this link, all the USDT disappeared from his wallet.

How to protect your crypto assets from DeFi phishing

1. Don't trust unfamiliar sources

Try not to connect to platforms or DApps that you have never heard of before. It is better to choose proven applications with a good reputation.

If you connect a wallet to an unknown DApp just because someone told you it promises millions, you may be bitterly disappointed. Do your own research. Don't click on random links, and use common sense whenever something seems suspicious.

2. Don't believe fairy tale promises

Be wary of investment opportunities or projects that promise unusually high returns. Some scammers may promise, for example, 3% per day - that's more than 1000% per annum. It doesn't happen that way.

If someone offers you an unrealistically tempting investment opportunity, it is best to decline to avoid becoming a victim of a potential scam.

3. Be careful when talking to strangers

When someone you don't know writes to you, it can be quite difficult to understand what their true intentions are, and they may well be good. Remember that cryptocurrency transactions are irreversible. If a person you just met on the Internet starts a conversation about investments, promises to help you make money and asks you to follow certain instructions to do so, you should be wary.

If the interlocutor pretends to be a high-ranking person or an employee of a reputable company, check this information on the Internet. This way, you are less likely to become a victim of DeFi phishing.

Keep your finger on the pulse, be vigilant and protect your cryptocurrency.

What to do if you are a victim of DeFi phishing

  • Disconnect your DeFi wallet from the product the scammers are using and change your password immediately. If criminals have gained access to your bank account, also block your cards and change your account passwords.

  • Contact your local authorities and file a police report with all relevant information. Don't neglect this step: it can improve your chances of getting your money back.

  • Report the incident to the moderators of the platform through which the scammer contacted you. Provide their profile name and any information that will help protect other users.

  • If your Binance account has been hacked, please notify us immediately by following the instructions in How to Report Fraud to Binance Support.

We also encourage all users, new and experienced, to review our Crypto Fraud Prevention series to help protect yourself from common threats.

Additional Information

  • How to recognize fraud: scams involving cryptocurrency transfers

  • How to Recognize Fraud: Learn to Spot Fake Online Stores

  • How to Recognize a Scam: Learn to Spot and Avoid Ponzi Schemes

Risk Warning and Disclaimer. The following materials are provided “as is” without warranty of any kind for general reference and educational purposes only. This information should not be considered financial advice or a recommendation to purchase any specific product or service. The value of digital assets may be volatile, increasing the risk of loss of investment. You are solely responsible for your investment decisions. Binance is not responsible for your possible losses. This information does not constitute financial advice. Please refer to the Terms of Use and Risk Disclosure for details.