Spear phishing is a targeted form of phishing where an attacker tailors a message to a specific person or small group, often using personal or organizational details to appear legitimate. Unlike broad phishing campaigns that blast generic emails, spear phishing relies on relevance and trust, making it more convincing and more dangerous.
How spear phishing works in crypto
In cryptocurrency, spear phishing commonly aims to steal private data or trigger an irreversible transaction. Attackers may impersonate an exchange, wallet provider, DAO contributor, or a colleague in a project, then pressure the target to click a link, open a document, scan a QR code, or “verify” an account. The destination might be a fake login page that captures credentials, a malicious dApp that prompts a wallet signature, or malware that searches for seed phrases and session tokens.
A common scenario is an email that appears to come from a team lead or vendor with accurate details taken from social media or prior breaches. The message might request a quick review of a “new multisig policy” or ask the recipient to sign a routine transaction. Because blockchain transactions and approvals can be final, a single successful spear phishing message can lead to stolen funds, compromised admin accounts, or unauthorized smart contract changes.
Recognizing and reducing the risk
Spear phishing often uses urgency, authority, and plausible context. Defenses in crypto include verifying requests out of band, carefully checking domains and wallet prompts, and treating any request to share seed phrases, export keys, or bypass security checks as suspicious. Strong operational security, hardware wallets, and multi-person approval workflows also reduce the blast radius.
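The domain check mentioned above can be partly automated. The following Python sketch is an added example, not part of the original page: it compares a link's host against an allowlist and flags common lookalike patterns. The allowlist entries, the function names, and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist; replace with the domains your team actually uses.
TRUSTED = {"exchange.example", "wallet.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'suspicious' or 'unknown' for the link's host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unknown"
    # Text before '@' is userinfo, not the host; it is often used to
    # make a link look as if it points at a trusted name.
    if parts.username is not None:
        return "suspicious"
    # Exact match or a true subdomain of an allowlisted domain.
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # Punycode labels can render as homoglyphs of a trusted name.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious"
    for d in trusted:
        # Trusted name used as the leading part of some other domain.
        if host.startswith(d + ".") or host.startswith(d.replace(".", "-")):
            return "suspicious"
        # Near-miss spelling of the whole host (typosquat).
        if edit_distance(host, d) <= 2:
            return "suspicious"
    return "unknown"
```

A result of 'unknown' only means that no lookalike pattern matched; the request still needs out-of-band verification before anyone signs or logs in.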
Spear phishing matters in the crypto ecosystem because it targets the human layer of security, and one convincing message can bypass technical safeguards and lead to permanent losses.