Main topics of the post:

  • Binance's risk team has observed an alarming trend: an increasing number of DeFi Phishing Scams draining users' wallets.

  • These scams typically involve a phishing link to establish a "secure" connection to a DApp designed to steal user funds.

  • Have you been a victim of a DeFi Phishing Scam? Disconnect your wallet, freeze your bank accounts and report the incident to the relevant authorities immediately.

Entering the world of decentralized finance, or DeFi, can be an exciting start for many cryptocurrency users. Intermediary-free financial services that only require a wallet and some cryptocurrencies to use – isn’t that the whole point of digital assets? Many crypto enthusiasts believe it is the revolutionary next step not just for Web3, but for the entire financial sector.

While DeFi brings many tangible benefits, it also has disadvantages – mainly related to security. A recent trend our risk team has observed is an alarming increase in phishing scams that can leave users with empty wallets.

What is a DeFi Phishing Scam?

DeFi Phishing Scams typically involve criminals tricking users into connecting their wallets, usually via WalletConnect, to malicious decentralized applications (DApps). From there, the scammer can access the user's wallet and initiate unauthorized transactions.

In the following sections, we will take a closer look at how DeFi Phishing Scams work and provide you with the essential knowledge you need to protect your funds. For more information about cryptocurrency scams, check out the full catalog of our Learn the Scams articles.

DeFi Phishing Scams: A Three-Step Process

Step 1: Choose the victim

Scammers employ various tactics to lure unsuspecting users. They can pose as trustworthy individuals or groups, offering tempting opportunities to make money. These scammers often operate through social media channels, messaging platforms, or online forums, where they prey on users who are actively seeking financial gain or guidance in the DeFi sector.

Many users new to crypto do not have a sufficient understanding of even the basics of the crypto sector, let alone the often complex mechanics of DeFi products. Some see cryptocurrencies as a “money-making opportunity,” listening intently to anyone who seems knowledgeable about the subject. Taking advantage of this, scammers use complex industry jargon, often quite incoherently, to impress unsuspecting users.

Step 2: Deceive the victim

Once the scammers have gained the user's attention and trust, they guide the user through a series of steps designed to unlock an exciting "investment opportunity." These instructions may include sharing a seemingly secure WalletConnect link to establish a connection between the user and a "DApp."

Advanced scammers may even provide a link that resembles a real company domain except for a letter or two. This is why, as part of your risk control, you should always check the website of the organization in question before clicking on any links.
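The domain check described above can be automated. The following sketch is an added example, not part of the original post or Binance tooling: it compares a link's host against a list of domains you have verified yourself and flags hosts that differ by a letter or two or that merely start with the official name. The allowlist, function names and sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains the user has verified independently (constructed list).
OFFICIAL_DOMAINS = ("binance.com",)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_link(url: str, max_typos: int = 2) -> str:
    """Return 'official', 'lookalike' or 'unknown' for the host in url."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host in scheme-less links
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    for official in OFFICIAL_DOMAINS:
        # Exact match or a genuine subdomain of the official domain.
        if host == official or host.endswith("." + official):
            return "official"
    labels = host.split(".")
    for official in OFFICIAL_DOMAINS:
        # Official name used as the leading labels of another domain.
        if host.startswith(official + "."):
            return "lookalike"
        # Same number of trailing labels, differing by a letter or two.
        tail = ".".join(labels[-(official.count(".") + 1):])
        if 0 < edit_distance(tail, official) <= max_typos:
            return "lookalike"
    return "unknown"


# Constructed sample links, not taken from any real incident.
SAMPLES = [
    "https://www.binance.com/en",
    "https://binnance.com/connect",
    "https://binance.com.wallet-verify.example/wc",
    "https://example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {link}")
```

A result of "unknown" only means the host is not on your list; it says nothing about whether the site is safe.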

Step 3: Steal the crypto assets

Once the victim has clicked on the phishing link and established a WalletConnect connection with the "trusted DApp", the scammers will repeatedly send malicious signature requests to special smart contract protocols. Shortly after providing the signature, the user will discover that their funds have disappeared.

DeFi Phishing Scam Example

To illustrate the process and impact of a DeFi Phishing Scam, let's consider the case of a user we'll call John. John receives a message from a WhatsApp group called "Binance UK A18", whose members pose as Binance employees. The scammers claim to provide professional guidance on how to make money in the DeFi space. Intrigued by the offer, John starts talking to the scammers.

The criminals send detailed instructions to John and share a "secure link" to establish a connection with the wallet. Moments after clicking the link, John's wallet containing his USDT holdings is emptied.

Tips to Protect Against DeFi Phishing Scams

1. Be careful with unknown sources

Avoid establishing connections with platforms or DApps that you have never heard of. Your best bet is to always choose reputable apps with a proven track record among their users.

Connecting your wallet to a random DApp – just because someone told you it could make you a millionaire – can lead to irreversible damage. Do your research, don't click on random links, and use common sense if you suspect any warning signs.

2. Don't believe in unrealistic returns

Be wary of investment opportunities or projects that advertise high returns. Some scammers may advertise misleading returns such as 3% per day, which equates to over 1000% in annual returns. This type of return is unfeasible.

If someone approaches you with an investment or proposal that seems too good to be true, it's best to decline to avoid a potential scam.

3. Be careful when dealing with strangers

Determining the real reason why a stranger approaches you is complicated. Maybe they mean well. Keep in mind that crypto transactions are irreversible. Be wary if a person you just met online starts talking about investing, wanting to help you make money and asking you to follow a set of instructions to win big.

If someone claims to be a person of authority or even an employee of a reputable company, do a quick background check and verify that person's identity online. By following these essential tips, you can reduce your risk of falling victim to a DeFi Phishing Scam.

Stay informed, be cautious and protect your cryptocurrencies.

If you have been a victim of a DeFi Phishing Scam

  • Disconnect your DeFi wallet from the entity used by the scammers and change the password immediately. If your bank account is involved, freeze your cards and change your passwords too.

  • Contact local authorities and file a police report, providing all relevant information. This step is crucial as it can increase the chances of recovering your funds later.

  • Report the case to the platform where the scammer first approached you. Tell them the name of the scammer's profile and any other details that can help prevent others from falling for the scam.

  • If your Binance account has been compromised, immediately file a report by following the steps outlined in this guide: How to report scams to Binance Support.

We also encourage all users, new and old, to read our anti-scam series to better prepare yourself against common crypto scams.

Further reading

  • Get to know the Scams: cryptocurrency money transfer scams

  • Know the Scams: how to identify fake shopping sites

  • Know the Scams: how to identify and avoid Ponzi Schemes
