The Vibe: Fake messages or sites that trick you into giving away your private keys, seed phrase, or wallet access—so scammers can steal your crypto.
The Details: Phishing is a common scam where attackers pretend to be legit (like your wallet app, an exchange, a project team, or even a friend) to get your sensitive info. They use fake websites (lookalike URLs), urgent emails/DMs (“your account is locked—connect now!”), fake airdrop claims, or malicious dApp prompts that ask to “sign” something, draining your wallet. Once you enter your seed phrase or approve a bad transaction, your funds are gone forever—no undo button in crypto.
Note: Phishing often involves cyber spoofing, where attackers fake trusted identities (e.g., spoofed email addresses, caller ID, or website domains) to trick you into sharing seed phrases, private keys, or approving malicious transactions. This is different from market spoofing (fake orders in trading order books to manipulate prices)—see the Spoofing entry for that term.
Pro Tip: Never enter your seed phrase anywhere except when restoring on official software. Double-check URLs (hover links, type manually), ignore urgent “fix this now” messages, and use burner wallets for unknown dApps. Enable 2FA, bookmark real sites, and verify everything—phishing relies on rushing you.