Main Takeaways
The Binance risk team has observed an alarming trend: a growing number of DeFi phishing scams that drain users’ wallets.
These scams typically use a phishing link that establishes a supposedly “secure” connection to a DApp designed to steal user funds.
Have you fallen victim to a DeFi phishing scam? Disconnect your wallet, freeze your bank accounts, and report the incident to the relevant authorities immediately.
Protect your crypto funds from DeFi phishing scams. Learn how criminals can gain access to your wallet and how to identify such a scheme at work in this week's edition of Know Your Scam.
Entering the world of decentralized finance, or DeFi, might be an exciting new beginning for many crypto users. Financial services with no middlemen that require only a wallet and some crypto funds to use – isn’t this the ultimate purpose of digital assets? Many crypto enthusiasts believe it’s the revolutionary next step for not only Web3 but the entire realm of finance.
While DeFi comes with many tangible benefits, it also has drawbacks – primarily related to security. One recent trend that our risk team has observed is an alarming rise in phishing scams that can leave users with empty wallets.
What is a DeFi Phishing Scam?
DeFi phishing scams usually involve criminals tricking users into connecting their wallets — typically via WalletConnect — to malicious decentralized applications (DApps). From there, the scammer can gain access to the user’s wallet and initiate unauthorized transactions.
In the following sections, we’ll take a closer look at how DeFi phishing scams work and equip you with the essential knowledge needed to safeguard your funds. For more information about crypto scams, check out the full catalog of our Know Your Scam articles.
DeFi Phishing Scams: A 3-Step Process
Step 1: Targeting the victim
Scammers employ various tactics to lure in unsuspecting users. They might pose as trustworthy individuals or groups, offering enticing opportunities to make money. These scammers often operate through social media channels, messaging platforms, or online forums, where they target users actively looking for financial gains or seeking guidance in the DeFi space.
Many new crypto users have an insufficient understanding of even basic crypto concepts, let alone the often complex mechanics of DeFi products. Some view crypto as a “money-making opportunity,” eagerly listening to anyone who sounds knowledgeable. Taking advantage of this, scammers may use complex industry jargon, often quite incoherently, to impress unsuspecting users.
Step 2: Trapping the victim
Once the scammers have gained a user's attention and trust, they guide them through a series of elaborate steps toward unlocking an exciting “investment opportunity.” These instructions may include sharing a seemingly secure WalletConnect link to establish a connection between the user and a “DApp.”
Advanced scammers may even provide a link that resembles a real company domain, except for one or two letters. This is why, as part of your due diligence, you should always check the website of the organization concerned before clicking any links.
Step 3: Stealing crypto assets
After the victim has clicked on the phishing link and established a WalletConnect connection with the “trusted DApp,” the scammers will repeatedly send malicious signature requests for special smart contract protocols. Once the user has provided the signature, they will find that their funds have disappeared.
Example of a DeFi Phishing Scam
To illustrate the process and impact of a DeFi phishing scam, let's consider the case of a user whom we’ll call Jack. Jack receives a message on WhatsApp from a group impersonating Binance employees, called "Binance UK A18." The scammers claim to provide professional guidance on making money in the DeFi space. Intrigued by the offer, Jack engages in conversation with the scammers.
The criminals send Jack detailed instructions and share a “secure link” to establish a wallet connection. Within moments of clicking the link, Jack's wallet is drained of all his USDT holdings.
Tips to Protect Yourself From DeFi Phishing Scams
1. Be cautious of unfamiliar sources
Steer clear of establishing connections with platforms or DApps you’ve never heard of before. Your best bet is to always stick with reputable applications with a proven track record of doing right by their users.
Connecting your wallet to a random DApp — just because someone told you it could make you a millionaire — can lead to irreversible damage. Do your research, don’t click random links, and use common sense if you suspect any red flags.
2. Don’t fall for unrealistic returns
Be mindful of investment opportunities or projects touting high returns. Some fraudsters may advertise misleading returns like 3% daily, which amounts to over 1000% annualized returns. Such returns are unfeasible.
If someone approaches you with an investment or proposal that sounds too good to be true, it's best to decline to avoid a potential scam.
3. Exercise caution when dealing with strangers
Determining the true nature of a stranger reaching out to you is complicated. Perhaps they have good intentions. Just keep in mind that crypto transactions are irreversible. Stay vigilant if a person you’ve just met online starts to talk about investments, helping you make money, and how they’ll need you to follow a set of instructions to earn big.
If they’re claiming to be someone with power or an employee of a reputable company, do a quick background check and verify their identity online. By following these essential tips, you can reduce the risk of falling victim to a DeFi phishing scam.
Stay informed, stay cautious, and protect your crypto.
If You’ve Fallen Victim to a DeFi Phishing Scam
Disconnect your DeFi wallet from the entity used by the scammers and change the password immediately. If your bank account is involved, freeze your cards and change the passwords as well.
Contact local authorities and file a police report, providing them with all relevant information. This step is crucial as it may increase the chances of recovering your funds later on.
Report the case to the platform where the scammer first approached you. Let them know the scammer’s profile name and any other details that may help them stop others from being scammed.
If your Binance account was affected, immediately file a report by following the steps outlined in this guide: How to Report Scams on Binance Support.
We also encourage all users, both new and old, to read through our anti-scam series to better equip themselves against common crypto scams.
Disclaimer and Risk Warning: This content is presented to you on an “as is” basis for general information and educational purposes only, without representation or warranty of any kind. It should not be construed as financial advice, nor is it intended to recommend the purchase of any specific product or service. Digital asset prices can be volatile. The value of your investment may go down or up and you may not get back the amount invested. You are solely responsible for your investment decisions and Binance is not liable for any losses you may incur. Not financial advice. For more information, see our Terms of Use and Risk Warning.