Crypto phishing & account takeover: how they work and what to do
Phishing and account-takeover scams use fake emails, texts, websites, or "support" agents to steal your passwords, 2FA codes, or seed phrase — then drain your exchange or wallet.
If this happened to you, it is not your fault. These messages are designed to look official and create panic. Here's how they work — and what to do right now.
What is phishing & account takeover?
Phishing tricks you into handing over your login details, 2FA codes, or recovery phrase — usually through a fake "security alert," a look-alike login page, or someone posing as support. Account takeover is what happens next: the scammer logs in (or intercepts your codes via a SIM swap), changes your settings, and withdraws your funds.
How the scam unfolds
1. The bait. An urgent "security alert," "verify your account," or "withdrawal attempt" email/SMS — or a "support agent" who messages you (often after you posted a problem publicly).
2. The fake page. A link takes you to a login page that looks exactly like your exchange, wallet, or email.
3. You hand over the keys. You enter your password and 2FA — or share a code, seed phrase, or grant remote access.
4. Takeover. The scammer logs in, disables your alerts, adds withdrawal addresses, and drains the account.
Warning signs
- 🚩 Urgent messages pressuring you to click a link, "verify," or log in immediately.
- 🚩 The sender address or URL is slightly wrong — and you were sent a link instead of typing the site yourself.
- 🚩 "Support" that messages you first, or asks for codes, your seed phrase, or remote access.
- 🚩 A request for your 2FA code or recovery phrase — never legitimate.
- 🚩 Your phone suddenly loses signal (a possible SIM swap to steal your SMS codes).
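The "slightly wrong URL" warning sign can be checked mechanically before you log in anywhere. The Python below is an added example, not part of the original page: it compares a link's real hostname against the sites you actually use. The TRUSTED names and the links in the usage note are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the sites you actually log in to (constructed placeholder names).
TRUSTED = {"exchange.example", "mail.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Return (verdict, reasons); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    try:
        # Non-ASCII hostnames become their "xn--" (punycode) form.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return "suspicious", ["hostname is not a valid domain name"]
    reasons = []
    if parts.username is not None:
        reasons.append("text before '@' is not the site; the real host is " + host)
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label: may contain look-alike characters")
    on_trusted = any(host == t or host.endswith("." + t) for t in TRUSTED)
    if not on_trusted:
        for t in sorted(TRUSTED):
            # Compare the same number of trailing labels as the trusted name has.
            tail = ".".join(host.split(".")[-(t.count(".") + 1):])
            if t + "." in host:
                reasons.append(t + " is only a prefix of another domain")
            elif edit_distance(tail, t) <= 2:
                reasons.append(tail + " is a near-miss of " + t)
    if reasons:
        return "suspicious", reasons
    return ("trusted" if on_trusted else "unknown"), []
```

For instance, `check_link("https://exchamge.example/login")` returns a "suspicious" verdict with a near-miss reason, while "unknown" only means the host resembles nothing on your list, not that it is safe.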
If your account is compromised — do this first
- From a clean device, reset your email password first, then your exchange/wallet passwords.
- Turn on app- or hardware-key 2FA (not SMS), and revoke active sessions, API keys, and approvals.
- Check your email for forwarding rules and connected apps the scammer may have added.
- Contact your exchange to freeze the account, and if you suspect a SIM swap, call your mobile carrier to re-secure your number.
How to report it
- Your local police — file an official report and keep the reference number.
- Your national fraud body (see the full reporting directory).
- The company being impersonated, your exchange, and your mobile carrier (if a SIM swap).
- Report the scam wallet address on Chainabuse.
⚠️ Beware the second scam
"Recovery experts" may contact you promising to get your money back for a fee. The majority are scammers targeting victims a second time. Never pay anyone who guarantees recovery or asks for an upfront fee.
You're not alone
Phishing works by manufacturing urgency and fear so you act before you think — even careful, tech-savvy people get caught. Reach out to someone you trust and consider a moderated victim community for support.