Approval Phishing
A scam that tricks users into granting a malicious wallet or smart contract permission to spend tokens from their wallet.
Approval phishing is a wallet security scam where an attacker convinces a user to sign a transaction that grants spending permission, often called an approval or allowance, to a malicious smart contract. Instead of asking the user to send funds directly, the scam hides behind a fake mint, airdrop claim, token swap, support page, or wallet verification prompt. Once approved, the attacker can use that permission to transfer approved tokens from the victim’s wallet, sometimes immediately and sometimes later.
It matters because approvals can be broad, hard to read, and easy to mistake for harmless login signatures. For example, a fake NFT marketplace may ask you to “approve” access before listing an item, but the transaction may actually allow the attacker to move all tokens of that type. This is different from simply connecting a wallet, which usually only lets a site view public wallet information. Users can reduce risk by checking transaction details carefully, avoiding unknown links, using limited approvals when possible, and periodically revoking old or suspicious token allowances.
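As a concrete form of "checking transaction details carefully", the sketch below decodes the raw calldata a wallet is asked to sign and flags broad approvals. It is an added example, not code from this glossary or from any wallet; the function name, the trusted-spender list and the sample inputs are hypothetical. It assumes approve targets an ERC-20 token (for an ERC-721 the second argument is a token ID, not an amount) and covers only on-chain approval calls, not off-chain signed permits.

```python
# Standard selectors: first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
# Assumption: any amount at or above 2**255 is treated as effectively unlimited.
UNLIMITED_THRESHOLD = 2**255


def inspect_calldata(calldata_hex, trusted_spenders=()):
    """Describe any token approval encoded in the calldata (hypothetical helper)."""
    data = calldata_hex.lower().removeprefix("0x")
    selector, args = data[:8], data[8:]
    if selector not in SELECTORS:
        return {"is_approval": False, "warnings": []}
    if len(args) < 128:
        return {"is_approval": True, "function": SELECTORS[selector],
                "warnings": ["malformed arguments: refuse to sign"]}
    # Each ABI argument is a 32-byte word; an address is its low 20 bytes.
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    warnings = []
    if selector == "a22cb465":
        if value != 0:
            warnings.append("grants operator access to ALL tokens in this collection")
    elif value >= UNLIMITED_THRESHOLD:
        warnings.append("unlimited allowance")
    revokes = value == 0  # zero amount or 'false' grants nothing
    trusted = {s.lower() for s in trusted_spenders}
    if not revokes and spender not in trusted:
        warnings.append("spender is not on your trusted list")
    return {"is_approval": True, "function": SELECTORS[selector],
            "spender": spender, "value": value, "revokes": revokes,
            "warnings": warnings}


# Constructed sample inputs (placeholder spender address, not real data).
SPENDER = "0x" + "ab" * 20
WORD_ADDR = "00" * 12 + "ab" * 20
UNLIMITED_APPROVE = "0x095ea7b3" + WORD_ADDR + "f" * 64
LIMITED_APPROVE = "0x095ea7b3" + WORD_ADDR + format(1000, "064x")
APPROVE_ALL = "0xa22cb465" + WORD_ADDR + format(1, "064x")
REVOKE = "0x095ea7b3" + WORD_ADDR + format(0, "064x")

if __name__ == "__main__":
    for tx in (UNLIMITED_APPROVE, LIMITED_APPROVE, APPROVE_ALL, REVOKE):
        print(inspect_calldata(tx))
```

A zero amount (or false for setApprovalForAll) is how an existing allowance is revoked, which is why the REVOKE sample produces no warnings.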
Other terms in Wallets & Security
Address Poisoning
A wallet scam where attackers plant lookalike addresses in your transaction history so you might copy the wrong recipient later.
BIP-39
A standard for turning wallet backup data into a human-readable seed phrase, usually 12 or 24 words.
Crypto Wallet
A tool that stores and manages the private keys needed to access and use cryptocurrency on a blockchain.
Custodial Wallet
A wallet where a third party, such as an exchange, holds the private keys and controls access to the crypto on your behalf.