What is ‘ice phishing’ in Web3? How to stay safe from crypto’ ice phishing’ scammers?

3 min readFeb 13


2022 was the worst year ever for crypto hacking, with $3.8 billion stolen, primarily from DeFi protocols, says the latest report by Chainlysis.

In the web2 world, credential phishing stalks our consumers every day. Web3 is a decentralized world constructed on top of cryptographic security. In web3, funds in your non-custodial wallet are safeguarded by a private key known only to you. Smart contracts with which you interact are immutable, frequently open-source, and audited. With such a secure foundation, how can phishing assaults occur? This is exactly what we will explore in this blog.

What is Ice Phishing?

Ice Phishing is duping a user into signing a fraudulent transaction so the attacker can control the crypto assets.

The “ice phishing” approach does not entail obtaining another person’s private keys. Instead, it attempts to dupe a user into confirming a transaction that provides the attacker access to the user’s tokens.

Approvals are a typical transaction that allows users to engage with DeFi Protocols. Since engaging with DeFi protocols needs you to obtain authorization to engage, ice phishing poses a significant risk to Web3 investors.

How does ice phishing work?

Ice phishing involves tricking victims into signing malicious approval transactions through fraudulent websites. They often pose as legitimate DEXs or crypto products. Using phishing emails, tweets, or other means, the hacker creates a false sense of urgency, exploits the

customers’ FOMO, and lures them into clicking the link.

Once the victim approves the tokens to the attacker’s address through a fraudulent website, the attacker immediately transfers them to their own wallet using the transferFrom function.

How to stay safe from ‘ice phishing’ scammers?

Don’t click on suspicious links: To avoid phishing URLs and domain squatters, only use the validated URL to access dApps and services. If in doubt, the project URL is generally visible on their verified Twitter account.

Verify the transaction before signing: It is critical to examine the transaction details before signing it in Metamask or any other wallet to verify that the activities you wish to do are carried out.

Manage your cryptocurrency holdings across multiple wallets: Distribute your cryptocurrency holdings by putting long-term investments and precious NFTs in cold storage, such as hardware wallets, and money for regular transactions and more active dApps in a separate hot wallet.

Periodically review and revoke Allowance: It’s usually a good idea to examine and revoke your allowances regularly, especially if you’re not actively using a dapp. This lessens the likelihood of losing money due to vulnerabilities or assaults and the effect of phishing schemes. For this, you can utilize the Revoke.cash or Etherscan token approval checkers.

Keep up to current on scams to prevent them: Keep an eye out for scammers and report anything out of the ordinary. Reporting scams can aid security and law enforcement in capturing fraudsters before they inflict too much damage.

As the cryptocurrency industry grows, ice phishing attempts and other cryptocurrency scams are likely to become more common. The best security protections are focus and education.

About NeoFi

NeoFI is a crypto-investment solution designed to automatically help every scale investor diversify their investment portfolio and risks. NeoFi relies on NeoFi baskets to help investors invest in their preferred niche with a single click.

NeoFI is working to onboard the next billion users to the cryptocurrency space. The project believes that its efforts will revolutionize the world of cryptocurrencies and level the playing field in the market by offering more tools to retail investors in the market.

Website | Medium | Twitter | Telegram