Cryptocurrency phishing: attack principles and defense system

2025-08-30

In the third quarter of 2024, CertiK detected phishing attacks that caused losses of over $243 million in the cryptocurrency field. Among them, "Scam-as-a-Service" platforms such as Inferno Drainer lowered the barrier to attack by 80% by supplying ready-made phishing toolkits. Compliance platforms such as HashKey Exchange are building dynamic defense networks through AI-driven phishing detection systems and hardware wallet protection systems.

Attack Principle and Technology Implementation

Attackers tamper with the domain name resolution path via DNS hijacking:

  • BGP routing attack: In 2018, MyEtherWallet suffered DNS hijacking. The attacker redirected domain name resolution to a server in Russia, so users visiting the site were forcibly sent to a forged page; private key theft and asset transfer were completed within 10 seconds.
  • SSL certificate forgery: Free certificate issuers such as Let's Encrypt are used to obtain certificates for lookalike domains, producing HTTPS links that are highly similar to legitimate websites. One phishing website used a forged "binance.com" certificate to trick users into entering API keys, resulting in the theft of $1.27 million worth of USDT.

HashKey Exchange has deployed an on-chain AML system and built a phishing feature library through machine learning:

  • Domain name similarity analysis: Detects counterfeit domain names such as "haskkey.com"; in 2024 it intercepted 5,321 phishing links with a similarity of over 92% to the legitimate domain.
  • Transaction behavior modeling: Identifies abnormal transfer patterns, such as a user making small transfers to 17 addresses within 30 minutes, and automatically triggers secondary verification.
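The domain similarity check above, as an added example that is not HashKey Exchange's or the page's own code: the page does not name its similarity metric, so Jaro-Winkler is assumed here (it rewards a shared prefix, which typosquats usually keep); the 0.92 threshold and the "haskkey.com" sample come from the text, and the function names are mine.

```python
# Added illustration, not HashKey Exchange's own code. Jaro-Winkler is assumed as the
# similarity metric (the page names none); the 0.92 threshold and "haskkey.com" are from the text.

def jaro(s1: str, s2: str) -> float:
    """Jaro similarity in [0, 1]: matched chars within a window, penalised for transpositions."""
    n1, n2 = len(s1), len(s2)
    window = max(0, max(n1, n2) // 2 - 1)
    m1, m2 = [False] * n1, [False] * n2
    matches = 0
    for i, ch in enumerate(s1):  # greedy left-to-right matching within the window
        for j in range(max(0, i - window), min(n2, i + window + 1)):
            if not m2[j] and s2[j] == ch:
                m1[i] = m2[j] = True
                matches += 1
                break
    if matches == 0:
        return 0.0
    transpositions, k = 0, 0
    for i in range(n1):  # matched chars of s1 in order vs matched chars of s2 in order
        if m1[i]:
            while not m2[k]:
                k += 1
            transpositions += s1[i] != s2[k]
            k += 1
    t = transpositions // 2
    return (matches / n1 + matches / n2 + (matches - t) / matches) / 3

def jaro_winkler(s1: str, s2: str, p: float = 0.1, max_prefix: int = 4) -> float:
    """Boost Jaro for a shared prefix (up to 4 chars), which typosquats usually keep."""
    j = jaro(s1, s2)
    prefix = 0
    for a, b in zip(s1, s2):
        if a != b or prefix == max_prefix:
            break
        prefix += 1
    return j + prefix * p * (1.0 - j)

def flag_lookalike(candidate: str, protected: list, threshold: float = 0.92):
    """Best (brand, score) the candidate imitates, or None; an exact brand match is never flagged."""
    cand = candidate.strip().lower().rstrip(".")  # normalise case and trailing dot
    best = None
    for brand in protected:
        b = brand.strip().lower().rstrip(".")
        if cand == b:
            return None
        score = jaro_winkler(cand, b)
        if score >= threshold and (best is None or score > best[1]):
            best = (b, score)
    return best
```

With the brand list `["hashkey.com", "binance.com"]`, `flag_lookalike("haskkey.com", ...)` returns `("hashkey.com", 0.9576)`, above the 0.92 threshold, while the genuine `hashkey.com` and an unrelated `example.org` are not flagged.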

HashKey Exchange stores 98% of user assets in offline cold wallets and implements multi-signature through hardware security modules (HSMs):

  • Private key physical separation: The cold wallet private key has never been connected to the Internet, so attackers cannot reach core assets even if they compromise the hot wallet system.
  • Transaction two-factor authentication: For large transfers, users must enter both a mobile phone verification code and a hardware wallet dynamic password. In 2025, this mechanism intercepted 12 phishing attack attempts.

HashKey Exchange collaborates with Chainalysis to operate a KYT (Know Your Trade) system:

  • Fund path tracking: When a hacker moved ETH obtained through phishing to the Solana chain via a cross-chain bridge, the system locked onto the fund flow and froze the relevant account within 2 minutes.
  • Threat intelligence sharing: A phishing address blocklist is synchronized with more than 50 exchanges worldwide; this information sharing avoided losses of over $80 million in Q4 2024.

III. User Protection Guide

  • URL authenticity check: Verify the SSL certificate via the lock icon in the browser address bar, and beware of unencrypted links starting with "http://".
  • Contract code audit: Use etherscan.io to inspect token contracts. If the contract has onlyOwner privileges or a callable mint function, mark it as high risk immediately.
  • Hardware wallet use: Prefer hardware devices such as the Ledger Nano S, keep the private key in an offline environment, and avoid the security risks of browser plug-in wallets.
  • Social engineering immunity: Be wary of links promising "free airdrops" in Discord groups. One phishing gang obtained wallet authorizations from 237 users by forging "OpenSea official compensation" messages.
  • 2% investment principle: No single cryptocurrency investment should exceed 2% of total assets; diversify across mainstream assets such as BTC and ETH and across compliant platforms.
  • Stop-loss tool settings: Enable the "Trailing Stop-loss" function on platforms such as HashKey Exchange so that the position is closed automatically when the token price drops by 15%, avoiding emotional decisions.
  • License qualification verification: Prefer exchanges holding Hong Kong Securities Supervision Commission License No. 1/7, such as HashKey Exchange, which has passed Anti-Money Laundering (AML) and investor protection audits.
  • User asset insurance: Compliant platforms typically offer asset insurance; for example, HashKey Exchange's insurance plan with OneInfinity covers $400 million of assets and reduces systemic risk.

The essence of phishing is exploiting users' cognitive blind spots about technical details to commit fraud. HashKey Exchange reduces the success rate of phishing attacks by 92% through AI detection, cold wallet storage, and compliance collaboration, while preserving the vitality of Web3 innovation. When trading cryptocurrency, users should keep in mind that any operation requiring them to actively provide private keys or mnemonics is a typical hallmark of a phishing attack.