Crypto phishing attacks are everywhere. It might not get better anytime soon 

When crypto prices go up, suddenly everyone becomes a target


Artwork by Crystal Le


It’s a real mess out there these days.

I’m referring to the recent onslaught of attempted cyberattacks against the people and professionals of the crypto ecosystem. This week, Blockworks’ David Canellis reported that a wave of phishing attacks targeted crypto users, all under the guise of legitimate emails.

These attempted attacks prompted warnings from the real projects. “Unauthorized airdrop email sent from Token Terminal — do not connect wallets,” Token Terminal told users in a communication sent less than an hour after the scammy one.

These impersonations have impacted Blockworks as well. As we shared on Jan. 19, would-be attackers have pretended to be Blockworks recruitment staff. The goal was to interview victims for jobs that don’t exist and attempt to obtain their bank account information. 

The Block’s Tim Copeland also recently warned about scammers who pretend to be journalists. While not an old issue — fake profiles for popular crypto journalists have surfaced over the years — the issue seems to be especially frequent these days. 

As The Verge reported this week, scammers pretending to be journos sent out fake Calendly invites in an effort to compromise victims’ Discord accounts. Discord is a popular target because of the frequent use of Discord servers by crypto projects. 

Sometimes, the attack vector is as simple as this kind of singular link. A frequent impersonation target is MetaMask, with scammers prompting prospective victims to download a new version of the crypto wallet. Such a fate befell billionaire Mark Cuban last fall, as CNBC reported at the time.  

What gives? The simplest answer is probably the closest to the truth: With elevated digital asset prices, suddenly everyone is a target. 

The frothy environment makes scams like yesterday’s airdrop email wave feel especially enticing. Market euphoria — and the prospect of even greater rewards — appears to be making people think with their wallet instead of, say, the sharp skepticism required to survive in an adversarial online environment. Phishing attacks aren’t new, but the threat is never-ending, and when they do succeed, the attacks pose significant risks. 

Hell, even the Securities and Exchange Commission’s X account was compromised via SIM swap during one of the agency’s most momentous periods in the modern area. Later revelations that SEC security around the account was, well, utterly lacking is a reflection of an easy-going security attitude that few people can afford nowadays. 

“Trust nobody” may feel excessive, but a security-first mindset can save you time, money and a massive headache. Get a text asking you to buy some gift cards? Delete and block. Someone offering you tokens in exchange for a clicked link or downloaded app? Delete and block. Don’t have 2FA on all your accounts? Get it done today. 

One wonders if this will even be enough, especially as new technology progresses. Artificial intelligence tools can enhance impersonation efforts even moreso.

Voters in New Hampshire learned that lesson this week after a robocall bearing a message from an AI-generated Joe Biden instructed them to not vote during the presidential primary. 

Maybe things will improve someday. Maybe a mix of technological and social solutions offer a greater degree of protection. I hope it doesn’t become a situation where you simply can’t trust anyone who sends you an unsolicited message. Open communication is, after all, the bedrock of the internet.  

But it’s a real mess out there. Stay safe, readers. 

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research



Aerodrome is a "MetaDEX" that combines elements of various DEX primitives such as Uniswap V2 and V3, Curve, Convex, and Votium. Since its launch on Base, it has become the largest protocol by TVL with more than $495M in value locked, doubling Uniswap's Base deployment.


Paxos is getting off scot-free after the SEC said it wouldn’t pursue legal action against the company


The Srcful partnership is part of a broader plan to onboard Helium “subnetworks”


Plus, a look into US spot BTC funds six months into trading


A Swedish energy-focused project named Srcful proposed to become a Helium subnetwork with its own ENERGY token


Securitize CEO Carlos Domingo thinks BUIDL will potentially hit its next $500 million milestone in just a few months


Representatives on Thursday opted to back President Biden and uphold his veto of the legislation that sought to invalidate SAB 121