How to identify onchain scams and secure your wallet

As Web3 continues to evolve at pace, the onchain ecosystem is flourishing, with rising numbers of users participating in onchain transactions and other activities. Simultaneously, various onchain scams are emerging, with fraudsters tricking users into authorizing transactions or revealing their keys to steal assets.

To help users safeguard their Web3 security, OKX offers multi-layered security measures. We also advise users to remain vigilant and educate themselves on the threats out there, especially in high-risk scenarios.

In this article, we'll spotlight some common onchain scam cases, alongside OKX's countermeasures and user recommendations. By the end, you should be well placed to identify and avoid major Web3 risks.

Induced authorization theft

Gaining authorization maliciously is a common Web3 scam tactic. Fraudsters create deceptive authorization transactions and trick users into signing them, thereby gaining operational control over the user's assets.

Approval authorization scams

In approval authorization scams, criminals use various methods to steal authorization from users. Here are two common examples to look out for.

  • Phishing links: Fraudsters share so-called "high-yield" trading information in communities and guide users to click on links that steal authorization under the guise of "deposit mining" or "staking airdrops."

  • OTC disguise: Scammers pose as OTC merchants, asking users to make a small test transfer of $1. This is actually an authorization transaction, granting them control over the user's assets.

OKX Wallet security measures

  • First defense: Detecting malicious login URLs and blocking access if the URL is identified as malicious.

  • Second defense: Intercepting authorization to externally owned account (EOA) addresses even if the site isn’t flagged as malicious.

  • Third defense: Blocking authorization to contracts identified as malicious.

  • Fourth defense: For specific networks (such as Tron), intercepting transactions if the signature content and description don't match.
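To make the "$1 test transfer" case and the EOA check concrete, here is an added example (not OKX's code) that decodes ERC-20 approve and increaseAllowance calldata and reports the spender, the amount and two warnings. The function name, the warning texts and the sample addresses are assumptions; the spender's code is expected to come from an eth_getCode lookup.

```javascript
// Added example, not OKX code: decode ERC-20 approval calldata for a wallet preview.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve",           // approve(address,uint256)
  "39509351": "increaseAllowance", // increaseAllowance(address,uint256)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// calldata:    the transaction's data field as a hex string.
// spenderCode: eth_getCode result for the spender; "0x" means no code (an EOA).
function reviewApproval(calldata, spenderCode) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const operation = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!operation) return null; // not an approval, e.g. a plain transfer
  if (!/^[0-9a-f]{136}$/.test(hex)) throw new Error("malformed approval calldata");

  const spenderWord = hex.slice(8, 72);
  if (!spenderWord.startsWith("0".repeat(24))) throw new Error("bad address padding");
  const spender = "0x" + spenderWord.slice(24);
  const amount = BigInt("0x" + hex.slice(72));

  const warnings = [];
  if (spenderCode === "0x") warnings.push("spender is an EOA, not a contract");
  if (amount === MAX_UINT256) warnings.push("unlimited allowance");
  return { operation, spender, amount, warnings };
}

// Constructed sample: a request described to the user as a "$1 test transfer".
const SAMPLE_SPENDER = "0x" + "ab".repeat(20); // placeholder address
const sampleCalldata =
  "0x095ea7b3" + SAMPLE_SPENDER.slice(2).padStart(64, "0") + "f".repeat(64);
console.log(reviewApproval(sampleCalldata, "0x"));
```

A real transfer of tokens uses a different function selector, so the function returns null for it and the preview can label the two cases differently.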


Permit and Permit2 authorization scams

Permit and Permit2, introduced by Uniswap to save gas fees, can be exploited by hackers to trick users into authorizing transactions.

OKX Wallet security measures

  • First line of defense: Clearly displays transaction types as permit authorizations, marking involved tokens, scope of permissions, and expiration times.

  • Second line of defense: Automatically blocks potentially risky decentralized application (DApp) requests and prompts users to review the transaction risks.


eth_sign authorization scams

eth_sign allows a user to sign any transaction hash, which is like providing a "blank check" on Ethereum. Fraudsters trick users into using eth_sign to construct custom transactions and steal assets.

OKX Wallet security measures

  • Automatic interception: Automatically identifies and blocks eth_sign transactions because of their high phishing risk.
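The Permit/Permit2 display and the eth_sign interception described above can both be seen as triage of a signature request. The following added example (not OKX's code) blocks eth_sign and, for EIP-2612 Permit and Permit2 PermitSingle/PermitBatch typed data, extracts the token, spender, amount and expiry to show the user. The function name, the returned field names and the sample request are assumptions.

```javascript
// Added example, not OKX code: triage a DApp signature request before prompting the user.
const UINT160_MAX = (1n << 160n) - 1n; // largest amount a Permit2 allowance can hold

function triageSignRequest(req) {
  if (req.method === "eth_sign") {
    // params are [account, 32-byte hash]: there is nothing readable to display.
    return { action: "block", kind: "eth_sign" };
  }
  if (req.method !== "eth_signTypedData_v4") return { action: "review", kind: req.method };

  const raw = req.params[1]; // params are [account, typedData]
  const typed = typeof raw === "string" ? JSON.parse(raw) : raw;
  const msg = typed.message;
  let grants;
  switch (typed.primaryType) {
    case "Permit": // EIP-2612: the token itself is the verifying contract
      grants = [{ token: typed.domain.verifyingContract, amount: msg.value, expiration: msg.deadline }];
      break;
    case "PermitSingle": // Permit2 allowance, one token
    case "PermitBatch":  // Permit2 allowance, several tokens
      grants = [].concat(msg.details);
      break;
    default:
      return { action: "review", kind: typed.primaryType };
  }
  return {
    action: "warn", kind: "permit", spender: msg.spender,
    grants: grants.map((g) => ({
      token: g.token,
      amount: BigInt(g.amount),
      unlimited: BigInt(g.amount) >= UINT160_MAX, // assumption: treat as unlimited
      expiresAt: BigInt(g.expiration),            // Unix seconds
    })),
  };
}

// Constructed sample (placeholder addresses, "types" omitted): a Permit2 request.
const samplePermit2 = {
  method: "eth_signTypedData_v4",
  params: ["0x" + "11".repeat(20), JSON.stringify({
    primaryType: "PermitSingle",
    domain: { name: "Permit2", chainId: 1, verifyingContract: "0x" + "22".repeat(20) },
    message: {
      details: { token: "0x" + "33".repeat(20), amount: UINT160_MAX.toString(), expiration: "1767225600", nonce: "0" },
      spender: "0x" + "44".repeat(20), sigDeadline: "1767225600" },
  })],
};
```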

How to protect yourself

  • Stay vigilant: Don't blindly follow financial advice from social media or group chats, especially those involving unknown links or supposedly high-yield projects.

  • Avoid interacting with unknown contracts: Verify the reliability of contract sources before authorizing them. Interact only with well-known platforms or DApps you fully understand.

  • Refuse unknown transaction signatures: Carefully check the authorization target and amount before approving transactions, especially for "approve" and "increase allowance" operations.

  • Understand new authorization risks: Although new authorizations like Permit and Permit2 save gas fees, they may pose security risks.

Screenshot and screen recording key theft

Scammers also sometimes pose as investment advisors or trading experts to trick new users into revealing their private keys or mnemonic phrases through screenshots or screen sharing.

OKX Wallet security measures

  • First line of defense: Disable screenshot and screen recording on sensitive interfaces and warn users of the risks.

  • Second line of defense: Prevent screen sharing of mnemonic phrases.

How to protect yourself

  • Handwrite and securely store mnemonic phrases: Record mnemonic phrases on paper, avoiding screenshots or electronic storage.

  • Beware of strangers requesting mnemonic phrases: Never share mnemonic phrases with anyone.

  • Avoid remote assistance: Don't display mnemonic phrases or private keys during remote assistance.


Malicious airdrop theft

Fraudsters use malicious airdrops as another way of scamming users. Here, the scammer sends worthless tokens to many addresses, tricking users into interacting with phishing sites to sell these tokens, leading to asset theft.


OKX Wallet security measures

  • Hide suspicious airdrop tokens: Automatically hides suspected malicious airdrop tokens to prevent users from interacting with them.

How to protect yourself

  • Don't interact with unknown airdrop tokens: Be cautious of unknown airdrop tokens and verify their information before interacting.

  • Avoid logging into suspicious sites: Never trust non-official channels for selling tokens that can't be traded on regular platforms.

Similar address scams

Fraudsters create addresses similar to those users interact with, tricking them into transferring assets to the wrong address.

OKX Wallet security measures

  • Highlight similar addresses: We list similar addresses on the transfer page to prompt users to verify the correct address.


How to protect yourself

  • Carefully verify transfer addresses: Check the first and last few characters of the address before transferring.

  • Use address labels: Label addresses so you can identify them quickly and avoid errors.
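A check like the "highlight similar addresses" measure can be sketched as follows. This is an added example, not OKX's code: it flags a recipient that shares leading and trailing characters with an address the user already knows but differs in between. It assumes 20-byte hex (EVM-style) addresses; the function names, the four-character threshold and the sample addresses are assumptions.

```javascript
// Added example, not OKX code: flag a recipient that imitates a known address.
function sharedLength(a, b, fromEnd) {
  let n = 0;
  const at = (s, i) => (fromEnd ? s[s.length - 1 - i] : s[i]);
  while (n < a.length && n < b.length && at(a, n) === at(b, n)) n++;
  return n;
}

// Returns known addresses that differ from `recipient` yet share at least
// `minEach` leading and `minEach` trailing hex characters with it, closest first.
function findLookalikes(recipient, knownAddresses, minEach = 4) {
  const norm = (addr) => {
    const h = addr.toLowerCase().replace(/^0x/, "");
    if (!/^[0-9a-f]{40}$/.test(h)) throw new Error("not a 20-byte hex address: " + addr);
    return h;
  };
  const r = norm(recipient);
  return knownAddresses
    .map((known) => {
      const k = norm(known);
      return {
        known,
        same: k === r, // an exact match is the intended address, not a lookalike
        prefix: sharedLength(k, r, false),
        suffix: sharedLength(k, r, true),
      };
    })
    .filter((m) => !m.same && m.prefix >= minEach && m.suffix >= minEach)
    .sort((x, y) => y.prefix + y.suffix - (x.prefix + x.suffix))
    .map(({ known, prefix, suffix }) => ({ known, prefix, suffix }));
}

// Constructed sample: the pasted recipient matches a saved address only at both ends.
const savedAddress = "0x1a2b" + "0".repeat(32) + "9f8e";
const pastedAddress = "0x1a2b" + "7".repeat(32) + "9f8e";
console.log(findLookalikes(pastedAddress, [savedAddress]));
```

A non-empty result means the transfer page should show the saved address next to the pasted one so the user can compare them in full.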

Project team exit scams

Some project teams may misuse user authorizations to transfer assets before disappearing, leaving users with nothing.

OKX Wallet security measures

  • Authorization reminders: Reminds users to cancel unnecessary authorizations for DApps not used for a long time.


How to protect yourself

  • Be cautious with authorizations: Don't easily authorize DApps or contracts, especially those promising "high returns" or "no risk."

  • Regularly manage authorizations: Regularly check for and cancel DApp authorizations that haven't been used in a long time.

Rug pull scams

Similar to project team exit scams is the rug pull. Here, fraudsters promote tokens to attract users, then manipulate prices higher so they can exit with a massive gain. Meanwhile, users are prevented from selling their assets, causing losses.

OKX Wallet security measures

  • Risk assessment interception: Our built-in engine evaluates token risks and blocks high-risk purchases.

  • Onchain risk detection: Provides risk token detection for supported chains.

How to protect yourself

  • Be aware of rug pull risks: Verify token information on official platforms before purchasing.

  • Avoid following the hype: Stay cautious and don't participate in hype, especially if it's a project you're not familiar with.

The final word

Crypto scams are constantly evolving, presenting traders like you with new threats to understand and mitigate. Taking the time to regularly educate yourself about new risks and how to manage them is key, and we're here to help.

Read our guide on how to spot crypto scams in 2024 for more insight, and check out our wider scam guides to understand other crypto threats.
