Glossary Security & Privacy Signature Phishing
Security & Privacy Advanced

Signature Phishing

Definition

Tricking users into signing seemingly harmless messages that actually authorize token transfers or approvals. Common in fake NFT mints, airdrops, and dApp connection requests. Always read what you're signing.

📖
Difficulty
Advanced
🏷️
Category
Security & Privacy
📚
See Also
8 related

Key Takeaways

1

Tricking users into signing seemingly harmless messages that actually authorize token transfers or approvals.

2

Common in fake NFT mints, airdrops, and dApp connection requests.

3

Always read what you're signing.

Why It Matters

This security concept directly protects your crypto assets. Ignoring it puts your funds at risk. Even experienced users should regularly review their security practices.

Related Terms in Security & Privacy

Private Key Security
The practice of protecting your cryptocurrency private keys from theft, loss, and unauthorized access. Includes hardware wallets, encrypted backups, physical security, and operational security protocols.
Seed Phrase Backup
Securely storing your wallet's recovery phrase offline. Best practices include metal backups (fire/water resistant), multiple locations, and never storing digitally. Losing your seed phrase means losing access permanently.
Hardware Wallet
A physical device storing private keys offline in a secure element chip. Transactions are signed on-device and never expose keys to the internet. Ledger, Trezor, and Keystone are leading brands.
Air-Gapped Wallet
A wallet on a device with no network connectivity — no WiFi, Bluetooth, or USB data. Signs transactions via QR codes or microSD cards. The highest security level for crypto storage.
Multi-Sig
A wallet requiring multiple private key signatures to authorize transactions. Common configurations: 2-of-3, 3-of-5. Eliminates single points of failure. Used by DAOs, exchanges, and security-conscious individuals.
2FA
Two-Factor Authentication — requiring a second verification method beyond your password. TOTP apps (Google Authenticator, Authy) generate time-based codes. Essential security for all crypto exchange accounts.
TOTP
Time-based One-Time Password — a 2FA method generating 6-digit codes that change every 30 seconds. More secure than SMS-based 2FA because it's not vulnerable to SIM swap attacks.
YubiKey
A physical security key providing hardware-based 2FA via USB or NFC. Phishing-resistant because authentication requires physical presence of the key. The gold standard for account security.

Explore Other Categories

Core & Fundamentals Trading & Markets DeFi Technology & Protocol NFTs & Gaming Regulation & Legal Mining & Consensus

Want to master crypto?

Get daily crypto intelligence delivered to your inbox — free forever.

Subscribe Free → Browse Guides →