One article teaches you how to protect your hard-hoarded coins from being caught by hackers

Among digital currency investors, many friends are not unfamiliar when it comes to “phishing” fraud.

In February 2020, according to Golden Finance reports, some digital currency investors said in the community that some accounts are airdropping Voice tokens, but the website where memo appears is a phishing website.

In August 2020, according to the Google search interface, three phishing scam websites disguised as Uniswap appeared:, and These fake websites trick users into providing seed phrases and private keys.

In July 2021, a user wanted to conduct liquidity mining on the decentralized exchange pancake. He asked for help on social media because he was unfamiliar with the operation, but was deceived and led to a phishing website and leaked his wallet private key.

“Phishing” traps like the above are emerging in this field one after another, not only greatly damaging users, especially new users, but also causing huge losses to their wealth. This is extremely detrimental to the long-term development of the industry. Therefore, preventing the deception of “phishing” websites is a matter of great importance to Lingzong Security.

So what is “fishing”?

“Phishing”, also known as “phishing”, is a network attack designed to obtain sensitive information from network users.

In many cases, perpetrators of “phishing” fraud will try to trick users through various means, collect various sensitive information of users, and use these sensitive information to steal users’ assets or use users’ identities to commit secondary fraud .

So what are the deception methods commonly used by these perpetrators? Generally speaking, there are the following:


1. To trick users into being fooled by email

This is the most basic and common way. The perpetrator will pretend to be a company that provides certain services to users. For example, send an email to the user in the name of a certain exchange, and provide a link in the email, and the link will redirect the user to a fake website. Once the user clicks on the fake website and logs in to enter the user name and password, the user’s sensitive information is stolen.

2. Use the phone to trick users into being fooled

This is a frequent incident recently. The perpetrator usually calls the user in the name of the service commissioner of an exchange to guide the user to perform various operations, or induces the user to divulge their private information on the phone, or then induces the user to divulge the privacy by sending a text message and including a fake website. information.

3. Spear fishing

This approach is aimed at both institutions and individuals. The perpetrators obtained the identity information of mid-level and high-level persons in a well-known company through some means, and used the identities of these high-level persons to send e-mails containing fake website links to the target audience. Once the target person trusts this email and clicks on the link to log in to the fake website, their sensitive data will be leaked.

4. Whaling fishing

This approach pays more attention to the company’s senior managers, because these senior managers hold a large amount of the company’s business secrets, financial information, etc. Usually this kind of phishing method is also to send emails containing fake links or malicious scripts to the target object, inducing the target object to click on the link or script, and inadvertently leaking the company’s confidential information that it holds.

5. Water hole fishing

This method of fishing is highly secretive and harmful. Generally, perpetrators of phishing in this way will target the websites of current well-known projects, then search for vulnerabilities in these websites, and plant malicious scripts to guide users to submit private information. Because these websites are well-known and widely trusted, users are often paralyzed and it is not easy to detect the abnormalities. And once users log on to these websites and provide their own private information that shouldn’t have been made public without thinking, they are deceived.

6. Advertising phishing

Perpetrators who commit crimes in this way often implant malicious scripts into advertisements through vulnerabilities. Since fake advertisements look harmless and can be reflected at the top of Google’s request, once users click on these advertisements to perform a guided operation, their private information will be revealed.

7. Domain name grafting phishing

Domain name grafting is to redirect users to fake websites. Usually in this case, the attacker will install malware on the server or device used by the target. The software will direct users to fake websites so that users can be guided to provide sensitive data. Domain name grafting will destroy the domain name server DNS, so users are often difficult to detect.

Knowing these common “phishing” methods, how can we as ordinary users prevent “phishing”?

There are a few basic rules for your reference:


1 Don’t open suspicious emails.

2 Be sure to pay attention to the e-mail address, and do pay attention to some e-mails from weird domain names.

3 Do not click any links or open attachments that you are not familiar with at will. They may contain infected code.

4 Use anti-phishing software. Many browsers provide anti-phishing extensions.

5 Don’t trust certain emails or phone calls that promise high returns and high profits.

6 Do not chat privately with unfamiliar people easily in social media, especially do not talk about topics and operations related to investment and financial management.

7 Carefully check the URLs to be visited. Phishing websites often use similar (for example, one more letter, one less letter, similar words, etc.) domain names to deceive users.

8 Don’t tell anyone or website your wallet key lightly, especially the wallet key that contains digital assets.

Lingzong Security hopes that every one of our investors will be cautious, be more alert, less lucky, and always be vigilant about private keys, passwords and other personal privacy information.

About Lingzong Security:

Lingzong Security Technology Co., Ltd. is a company that focuses on blockchain ecological security. Lingzong Security Technology has mainly served many emerging and well-known projects through the integrated comprehensive program of “code risk detection + logic risk detection”. The company was established in January 2021. The team was created by a team with rich experience in smart contract programming and network security.

Team members participated in initiating and submitting a number of draft standards in the Ethereum field, including ERC-1646, ERC-2569, and ERC-2794, of which ERC-2569 was officially income by the Ethereum team.

The team participated in the initiation and construction of a number of Ethereum projects, including blockchain platforms, DAO organizations, on-chain data storage, decentralized exchanges and other projects, and participated in the security audit work of multiple projects, based on this Based on the team’s rich experience, a complete vulnerability tracking and security prevention system has been built.


Tan Yuefei, CEO of Lingzong Security

Master of Industrial Engineering (Virginia Tech, Blacksburg, VA, USA). Served as a software engineer at AIBT Inc (San Jose, CA, USA), a Silicon Valley semiconductor company in the United States, responsible for the development of the underlying control system, the program implementation of the equipment manufacturing process, and the design of the algorithm, as well as the comprehensive technical docking and communication with TSMC. Since 2011, he has been engaged in the research of embedded, Internet and blockchain technology. He is a teacher of the “Introduction to Blockchain” course at the Entrepreneurship College of Shenzhen University, a visiting researcher at the Blockchain and Intelligence Center of Sun Yat-sen University, and an executive director of the Guangdong Financial Innovation Research Association. He owns 4 blockchain-related patents and 3 published works.


Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Leave a Reply