Phishing Wallet & Exchange Scam

Fake websites, emails, or apps that impersonate legitimate crypto wallets and exchanges to steal login credentials, seed phrases, or private keys.

Critical Severity

Technical Exploit

Very Common

How This Scam Works

Scammers create near-identical copies of popular wallet interfaces or exchange login pages. Victims arrive via phishing emails, fake Google ads, or social media links. The fake site prompts users to enter their seed phrase to 'restore' or 'verify' their wallet, or to log in with their exchange credentials. Once entered, the scammer immediately drains the real wallet or account. Some phishing attacks use malicious browser extensions or mobile apps distributed outside official app stores.

Red Flags to Watch For

URL is slightly misspelled or uses a different domain extension
Email or message contains urgent language about account suspension
Site asks you to enter your seed phrase or private key
Google ad result that doesn't match the official domain
App not downloaded from the official app store
Certificate warnings or missing HTTPS padlock
Email sender address doesn't match the official domain
Pop-ups asking to 'connect wallet' on unexpected sites

Common Phrases Scammers Use

“Your account has been suspended — verify immediately”

“Enter your seed phrase to restore your wallet”

“Unusual login detected — confirm your identity now”

“Your wallet needs to be validated”

“Click here to claim your airdrop”

“Action required: update your security settings”

What to Do Right Now

1If you entered your seed phrase, immediately transfer remaining funds to a new wallet with a new seed phrase
2Change passwords and enable 2FA on all crypto accounts
3Revoke token approvals on affected chains using a tool like Revoke.cash
4Report the phishing site to Google Safe Browsing and the impersonated company
5Report to the Anti-Phishing Working Group at reportphishing@apwg.org

What NOT to Do

Never enter your seed phrase on any website — legitimate services will never ask for it
Do not click links in unsolicited emails claiming to be from exchanges
Do not download wallet apps from unofficial sources
Do not interact with browser pop-ups asking to 'verify' your wallet

How to Report It

Google Safe Browsing Report
Anti-Phishing Working Group — reportphishing@apwg.org
FBI IC3
PhishTank

Frequently Asked Questions

How common are phishing wallet & exchange scam scams?+

Phishing Wallet & Exchange Scam scams are currently rated as "very common" in our tracking. All crypto users, especially those who click email links, beginners unfamiliar with wallet security, DeFi users are the most frequently targeted groups. These scams continue to evolve, so staying informed about current tactics is essential.

Can I get my money back after falling for a phishing wallet & exchange scam scam?+

Recovery of crypto sent to scammers is very difficult because blockchain transactions are irreversible. Report the incident to law enforcement (FTC, FBI IC3) as quickly as possible. In some cases, if funds passed through a regulated exchange, authorities may be able to freeze them. Do not pay anyone who claims they can recover your funds — this is often a follow-up scam.

How do I know if a message is legitimate?+

Check for verifiable company registration and regulatory licenses. Search for independent reviews on trusted sites — not testimonials on the platform itself. Verify URLs carefully for misspellings. Legitimate services never ask for your seed phrase or private keys, never guarantee returns, and never pressure you to act immediately.

What should I do if someone I know is being targeted by a phishing wallet & exchange scam scam?+

Approach the conversation with empathy — victims are often emotionally invested and may react defensively. Share specific red flags you've noticed without being judgmental. Provide links to official scam reporting resources. If they have already sent funds, help them report to the FTC and FBI IC3 quickly. The Global Anti-Scam Organization (GASO) also provides peer support.

This information is for educational awareness only. It does not constitute legal, financial, or professional advice. If you have been the victim of a scam, contact law enforcement and consider consulting a licensed attorney.

Quick Facts

Severity: Critical Severity
Category: Technical Exploit
Prevalence: Very Common
Who Is Targeted: All crypto users, especially those who click email links, beginners unfamiliar with wallet security, DeFi users
Red Flags: 8 identified

Need Help Now?

If you are being scammed right now, stop all contact and payments immediately.

Report to FTC Report to FBI IC3

Other Scam Patterns

Fake Investment Platform

Investment Scam · Very Common

Romance / Pig Butchering Scam

Romance Scam · Very Common

Fake Crypto Job Scam

Employment Scam · Very Common

Fake Customer Support Scam

Social Engineering · Very Common

View all scam patterns