Market Cap: 24h Vol: BTC: BTC Dom:
Gold: S&P 500: EUR/USD: Oil (BRENT):

Spear Phishing

Spear phishing succeeds where ordinary phishing fails because it trades volume for research. Before sending a single message, the attacker studies the target: which exchange they use, which project they hold, who their colleagues or support contacts are, and sometimes their public wallet activity pulled from a blockchain explorer. The resulting email, direct message, or fake support ticket references real details, a recent trade, an actual employee's name, a specific wallet balance, so it reads as credible rather than as an obvious mass-mailed scam.

In crypto the stakes are unusually high because most spear phishing attacks aim to steal credentials or authorization rather than money directly. A convincing message might direct a victim to a cloned exchange login page, ask them to "verify" a seed phrase, or send a developer a malicious file disguised as a job offer or contract. The 2025 Bybit breach, in which North Korea's Lazarus Group stole roughly 1.5 billion dollars, began with spear phishing against a developer at the multisig wallet provider Safe; the compromised machine let attackers alter what exchange signers saw on screen while a transaction was approved. Chainalysis reported that impersonation scams, many built on this kind of targeted research, surged by more than 1,400 percent in 2025 as attackers increasingly pose as exchange support staff or government officials.

Common variants include:

  • Fake "account verification" or "security update" emails that lead to a cloned login page.
  • Direct messages from accounts impersonating known team members or support agents.
  • Malicious attachments or links sent to developers or executives at a targeted company.

Because blockchain transactions cannot be reversed once signed, verifying any unusual request through a separate, trusted channel before entering credentials or approving a transfer remains the most reliable defense.