
OKX Web3 Latest Release: On-Chain Phishing Prevention and Secure Transaction Guide
TechFlow Selected TechFlow Selected

OKX Web3 Latest Release: On-Chain Phishing Prevention and Secure Transaction Guide
Explore the on-chain world with security first. Users should always remember these three safety rules: never enter your mnemonic phrase or private key on any webpage, carefully review wallet transaction interfaces before clicking confirm, and be aware that links from Twitter, Discord, or search engines could be phishing attempts.
As we enter a new cycle, on-chain interaction risks are increasingly exposed alongside rising user activity. Phishers typically employ tactics such as creating fake wallet websites, hijacking social media accounts, developing malicious browser extensions, sending phishing emails and messages, and publishing counterfeit applications to trick users into disclosing sensitive information—leading to asset loss. These phishing methods are characterized by diversity, complexity, and stealth.
For example, phishers often create counterfeit websites that closely resemble legitimate wallet platforms, luring users into entering their private keys or seed phrases. These fake sites are commonly promoted via social media, email, or advertisements, misleading users into believing they are accessing authentic wallet services, ultimately resulting in theft of their assets. Additionally, some attackers may exploit social media platforms, forums, or instant messaging apps by impersonating wallet customer support or community administrators, sending users fraudulent messages requesting wallet details or private keys. This method takes advantage of users’ trust in official channels to induce disclosure of private information, among other tactics.
In summary, these cases highlight the threat phishing poses to Web3 wallet users. To help users enhance their awareness of Web3 wallet security and protect their assets from loss, OKX Web3 conducted in-depth community research and collected numerous phishing incidents experienced by Web3 wallet users. Based on this data, we have identified the four most common phishing scenarios and produced a comprehensive security guide for Web3 users through detailed case studies with visual illustrations, for your reference and learning.
Malicious Information Sources
1. Replies under popular project tweets
Replies under popular project tweets represent one of the primary ways malicious information spreads. Fake Twitter accounts can perfectly mimic official accounts in terms of logo, name, verification badge, and even have tens of thousands of followers. The only distinguishing factor is the Twitter handle (pay attention to similar-looking characters). Users must remain vigilant.

Moreover, fake accounts often deliberately reply beneath official tweets, embedding phishing links within their replies. Users may easily mistake these for legitimate links and fall victim. Currently, some official accounts include an "End of Tweet" notice in their posts to warn users about potential phishing links in subsequent replies.

2. Hijacking official Twitter/Discord accounts
To increase credibility, phishers may also hijack official project or influencer Twitter/Discord accounts and post phishing links under their names, making it easy for many users to be deceived. For instance, Vitalik’s Twitter account and the official TON project Twitter were both previously compromised, allowing attackers to disseminate false information or phishing links.


3. Google search ads
Phishers sometimes use Google search ads to distribute malicious links. While the displayed domain name in the browser appears to be the official site, clicking it redirects users to a phishing link.

4. Fake applications
Phishers also lure users via fake applications. For example, when users download and install counterfeit wallets published by attackers, their private keys may be leaked, leading to asset loss. There have been cases where modified Telegram installation packages altered the blockchain addresses used for sending and receiving tokens, resulting in user fund losses.


5. Countermeasures: OKX Web3 Wallet supports phishing link detection and risk alerts
Currently, OKX Web3 Wallet helps users better address the above issues by supporting phishing link detection and risk warnings. For instance, when users access websites using the OKX Web3 browser extension wallet, if the domain is known to be malicious, they will immediately receive a warning alert. Moreover, if users access third-party DApps through the Discover tab in the OKX Web3 app, the wallet automatically performs risk checks on the domain. If it identifies the domain as malicious, access will be blocked with a warning notification.


Private Key Security
1. During project interactions or eligibility verification
When engaging in project interactions or eligibility verifications, phishers may impersonate pop-up windows from wallet extensions or any webpage, prompting users to enter their seed phrase or private key. Such requests usually originate from malicious websites, and users should remain highly cautious.


2. Impersonating project customer support or administrators
Phishers frequently pose as project customer support staff or Discord administrators, providing links that prompt users to input their seed phrase or private key. In such cases, it is certain that the individual is a scammer.


3. Other possible paths for seed phrase/private key leakage
There are numerous potential paths through which a user's seed phrase or private key might be leaked, including but not limited to: malware infection on the computer, using farming-dedicated fingerprint browsers, employing remote control or proxy tools, saving screenshots of seed phrases/private keys in photo albums that could be uploaded by malicious apps, backing up to cloud storage platforms that suffer breaches, being monitored during the process of entering seed phrases/private keys, physical access by others to files or paper containing the seed phrase/private key, and developers accidentally pushing code containing private keys to GitHub.
In short, users must securely store and use their seed phrases and private keys to better protect their wallet assets. As a decentralized self-custody wallet, OKX Web3 Wallet now offers multiple backup options including iCloud/Google Drive cloud storage, manual backup, and hardware wallets—making it one of the most comprehensive in terms of private key backup methods available today. Regarding private key protection, OKX Web3 Wallet integrates full support for mainstream hardware wallets such as Ledger, Keystone, and Onekey. With hardware wallets, private keys are stored directly on the device and remain under the user's sole control, ensuring asset security. This allows users to manage their assets securely through hardware wallets while still freely participating in on-chain token trading, NFT markets, and various dApp interactions. Furthermore, OKX Web3 Wallet has launched MPC no-private-key wallets and AA smart contract wallets to further simplify private key management for users.
The Four Classic Phishing Scenarios
Scenario 1: Stealing native chain tokens
Phishers often name malicious contract functions something tempting like "Claim" or "SecurityUpdate," while the actual function logic is empty—its sole purpose being to transfer users' native chain tokens. OKX Web3 Wallet now features transaction pre-execution functionality, showing users how their assets and permissions will change once the transaction is confirmed on-chain, thus enhancing security awareness. Additionally, if the interacting contract or authorization address is known to be malicious, a red warning alert will appear.


Scenario 2: Similar-address transfers
Upon detecting large-value transactions, phishers generate addresses that match the first few characters of the recipient’s address. They then perform zero-value transfers via transferFrom or send small amounts using counterfeit USDT to pollute the user's transaction history. Their goal is to trick users into copying the wrong address from their transaction history in future transfers, thereby completing the fraud.
https://www.oklink.com/cn/trx/address/TT3irZR6gVL1ncCLXH3PwQkRXUjFpa9itX/token-transfer

https://tronscan.org/#/transaction/27147fd55e85bd29af31c00e3d878bc727194a377bec98313a79c8ef42462e5f


Scenario 3: On-chain authorization
Phishers often trick users into signing approve / increaseAllowance / decreaseAllowance / setApprovalForAll transactions, and may upgrade usage by leveraging Create2 to precompute new addresses, bypassing security checks to obtain user authorizations. OKX Web3 Wallet provides security alerts for authorization transactions, reminding users that the transaction involves authorization and urging caution. Additionally, if the authorized address is known to be malicious, a red warning will be displayed to prevent users from falling victim.


Scenario 4: Off-chain signatures
Beyond on-chain authorizations, phishers may also conduct phishing via off-chain signature requests. For example, ERC20 token authorization allows users to grant another address or contract permission to spend a certain amount, enabling the authorized party to transfer user funds via transferFrom. Phishers exploit this mechanism for scams. OKX Web3 Wallet is currently developing risk alert features for such scenarios. When users sign offline messages, the wallet parses the authorization address; if it matches a known malicious address, users will be warned accordingly.


Other Phishing Scenarios
Scenario 5: TRON Account Permissions
This scenario is relatively abstract—typically involving phishers gaining control over user assets by acquiring their TRON account permissions. TRON account permissions, similar to EOS, are divided into Owner and Active roles, and can be configured with multi-signature-like controls. For example, in the following configuration, the Owner threshold is set to 2, with two addresses having weights of 1 and 2 respectively. The first address belongs to the user and, with a weight of 1, cannot operate the account independently.
https://tronscan.org/#/wallet/permissions
https://www.oklink.com/trx/tx/1fe56345873425cf93e6d9a1f0bf2b91846d30ca7a93080a2ad69de77de5e45f


Scenario 6: Solana Token and Account Authority
Phishers modify the Ownership of a token's ATA account via SetAuthority, effectively transferring ownership of the tokens to a new address. Once victims fall for this method, their assets are transferred to the attacker. Additionally, if users sign an Assign transaction, the Owner of their regular account will be changed from System Program to a malicious contract.



Scenario 7: EigenLayer calling queueWithdrawal
Due to inherent design flaws in the protocol, this feature is easily exploited by phishers. The EigenLayer protocol on Ethereum allows the queueWithdrawal function to designate another address as the withdrawer. If a user is tricked into signing such a transaction, seven days later, the designated address can claim the user’s staked assets via completeQueuedWithdrawal.
Exploring the On-Chain World: Security First
Secure usage of Web3 wallets is crucial for protecting digital assets. Users should actively take preventive measures to guard against potential risks and threats. Consider choosing industry-leading, audited solutions like OKX Web3 Wallet to explore the on-chain world more securely and conveniently.
As one of the most advanced and fully featured wallets in the industry, OKX Web3 Wallet is fully decentralized and self-custodial, enabling users to seamlessly interact with on-chain applications. It supports over 85 public chains, unifying mobile app, browser extension, and web versions across five core modules: wallet, DEX, DeFi, NFT marketplace, and DApp discovery. Additional features include Ordinals marketplace, MPC and AA smart contract wallets, gas swapping, and hardware wallet integration. Furthermore, users can enhance wallet security by safely safeguarding private keys and seed phrases, regularly updating wallet apps and operating systems, carefully handling links and messages, and enabling multi-factor authentication.
In conclusion, in the on-chain world, asset security comes above all else.
Users should always remember these three Web3 security rules: never enter your seed phrase or private key on any webpage, carefully confirm wallet transaction prompts, and treat links obtained via Twitter, Discord, or search engines with suspicion—they may be phishing attempts.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News














