The Phishing Approval (Wallet Drainers)
You connect your MetaMask to claim a "free" NFT or airdrop you found on Twitter. The site prompts you to click "Approve Transaction." Unknowingly, you just signed an infinite token approval contract.
This is the most common hack in Web3. The malicious contract doesn't just take the gas fee; you literally handed it the cryptographic master key to withdraw 100% of your USDC and altcoins at will. Never sign approvals on sites unless you can verify their audit history, and always use a hardware wallet extension to simulate transactions before signing.
The "Pig Butchering" Romance Scam
It starts with an "accidental" text message from a beautiful stranger ("Hi, is this John?"). Over weeks, they build a deep, platonic or romantic relationship with you. They never ask for your money directly.
Eventually, they casually mention how they are making a fortune trading crypto through "insider nodes" and offer to show you how. They guide you to deposit your funds into a fake trading platform they completely control. The dashboard shows you making massive profits, but when you try to withdraw, you are slammed with "tax fees"—and ultimately realize your money was stolen the moment you deposited it.
Fake Customer Support on Social Media
If you tweet that you are having trouble with your Coinbase account or your Ledger device, within 5 seconds, ten verified accounts mimicking the official support team will reply or DM you.
They will act incredibly professional and send you a link to a "support portal" where you must enter your 12-word Seed Phrase to "sync your node." The moment you type those words into any digital keyboard, your entire net worth is vaporized. Real support will never ask for your seed phrase.