A fresh phishing wave is hitting cryptocurrency exchange and DeFi users this week, with scammers sending emails designed to look like they came from the platforms themselves. The campaign, which security teams first flagged over the weekend, uses professional branding and urgent language to trick recipients into handing over private keys or login credentials.
What the emails look like
The messages are crafted to appear official — same logos, similar sender addresses, and subject lines warning of security breaches or requiring immediate action. Some are formatted as account verification notices, others as withdrawal confirmations. In every case, clicking the embedded link leads to a fake login page that captures the user's password and two-factor codes.
Why it's hard to spot
Unlike older, sloppier phishing attempts, these emails pass basic spam filters. The senders have spoofed domains that closely resemble real exchange addresses. Casual inspection won't catch the difference — one letter swapped, a hyphen added. The landing pages use HTTPS and even mirror real dashboard layouts.
What users can do right now
The standard advice still holds: never click a link in an unexpected email. Open a browser tab and type the exchange's URL manually instead. Enable hardware-based 2FA if you haven't. A few exchanges have posted alerts on their social feeds, but many haven't — so check before you click.
