Staying Safe on Crypto Twitter in 2025

The crypto market is re-entering bull mode, but seizing every opportunity also means exercising smart judgment to keep your funds safe! X/Crypto Twitter continues to be the major arena where otherwise smart people lose it all by clicking before thinking.
Every cycle, there are countless threads detailing horror stories of successful hacks, phishing operations, impersonations, and so on. You don't want to be the one learning these lessons the hard way!
Today, we're diving into common attack vectors and what you can do to protect yourself on Crypto Twitter. 👇
🎣 Phishing/Social Engineering
Exceptionally common across X and in your email inbox, phishing is an act whereby the attacker tries to gain your trust and trick you into handing over sensitive information (such as your private keys) or granting wallet access to something malicious (such as a drainer).
These scams come in many forms – fake airdrops, giveaways, fake customer service help – and often succeed by playing up urgency or excitement. Sometimes this attack vector also comes from compromised or impersonated accounts that you otherwise trust (more on that further below).
Here are a few evergreen ways to protect yourself:
- If an opportunity sounds too good to be true, then that’s likely the case!
- Double check URLs before clicking. If you do end up on a phishing website, do NOT interact with it and exit immediately.
- Never share your screen or private keys, even with someone claiming to help.
- Legitimate teams won't cold DM you asking to “verify” anything. If you’re unsure, take the conversation public or to an official support channel.
- Be wary of DMs from strangers — even those you think you know. Which brings us nicely to the next attack vector…
👺 Impersonation
When it comes to pulling off a scam, establishing trust is often essential. Attackers often set up X profiles that impersonate other individuals in the crypto space or claim to be an employee representing a known company. These profiles mimic everything from profile pictures to job titles, bios, and links.
These attackers have various goals, such as:
- Building a relationship with you with the intention of eventually sending a phishing link.
- Pretending to work for a particular company so they can do things like “book you onto a podcast” or “schedule an interview” with you, with the intention of sending a calendar invite containing malicious links, or even going as far as prompting you to download fake meeting software with the intention of a full takeover of your device.
Here’s how to protect yourself:
- Look for subtle differences in usernames (e.g., “0” instead of “O”, added underscores).
- Double-check that the person you’re talking to is who they say they are. Contact the company they claim to work for, and email the person directly if you already know them.
- Consider only interacting with verified accounts, but remember that alone doesn’t guarantee safety.
⚠️ Compromised profiles
Every so often, a reputable profile on X will be compromised, perhaps even a gold-check verified organization! An attacker will gain access and use it to post phishing links from that profile.
Leveraging this same approach, website front ends occasionally fall victim to malicious takeovers too – even when you’re transacting on a trusted website, stay vigilant! Follow founders and community members related to projects you use; they should be quickest to flag any exploits of those projects.
🏆 General best practices
Some of the biggest figures in the space have been victims of security incidents on X – no one is immune! Most of these attacks are easy to identify in retrospect, but when you're in a rush, mistakes happen.
Here are some other best practices to follow when going about your X routine:
- Take a second to think. Just pausing and thinking about what you’re about to do goes a long way when it comes to things like connecting a wallet to an unknown website.
- Browser-based wallets, such as MetaMask, will typically show warnings if you’re on a suspected phishing website. Don’t ignore them.
- Watch out for shortened links too; these can mask phishing domains.
- Use multiple wallets. Don’t keep your main funds in the wallet you use for day-to-day web3 interactions.
- Regularly audit and revoke token approvals using tools like Revoke.cash to prevent malicious contracts from draining your wallet.
- Assume that any link or account, even one from a trusted person or project, could be compromised. Take the time to assess and act accordingly.
- Use app-based 2FA for all of your accounts.
- Stay up to date with reputable security researchers such as @peckshield and @ZachXBT. Bankless Citizens can also receive security alerts via Discord.
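As an added example (not code from the original post), here is a small Python script that mechanises two of the checks above: spotting lookalike handles (the “0” instead of “O” and added-underscore tricks from the Impersonation section) and inspecting a link before you click it (shorteners, punycode hostnames, and lookalike domains from the list above). The trusted handles are the two the post recommends; the domain allowlist, the shortener list, the confusable table, and all sample inputs are constructed for this example and should be replaced with your own.

```python
"""Lookalike-handle and link checker (constructed example; not from the original post)."""
from urllib.parse import urlparse

# Characters attackers commonly swap for their look-alikes. Constructed table; extend as needed.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b", "|": "l", "!": "i",
})

# Handles the post itself recommends following (constructed list: add your own).
TRUSTED_HANDLES = ["peckshield", "ZachXBT"]
# Constructed allowlist of sites you actually use; keep it short, very short names cause false positives.
TRUSTED_DOMAINS = {"revoke.cash", "metamask.io"}
# Constructed list of common URL shorteners; a shortened link hides its destination until expanded.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "cutt.ly", "is.gd", "rb.gy"}


def normalize_handle(handle: str) -> str:
    """Fold a name to a comparison key: lowercase, drop @ _ ., fold digit and letter-pair look-alikes."""
    h = handle.strip().lstrip("@").lower().replace("_", "").replace(".", "")
    h = h.translate(CONFUSABLES)
    return h.replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches one-character additions such as a trailing digit."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_handle(handle: str, trusted=TRUSTED_HANDLES):
    """Return ("trusted" | "lookalike" | "unknown", matched trusted handle or None)."""
    raw = handle.strip().lstrip("@").lower()
    for t in trusted:
        if raw == t.lower():
            return ("trusted", t)
    key = normalize_handle(raw)
    for t in trusted:
        # Exact match after folding, or one edit away (e.g. "ZachXBT1"), is a lookalike.
        if edit_distance(key, normalize_handle(t)) <= 1:
            return ("lookalike", t)
    return ("unknown", None)


def check_link(url: str, trusted=TRUSTED_DOMAINS):
    """Return ("trusted" | "shortened" | "punycode" | "lookalike" | "unknown" | "invalid", detail)."""
    parsed = urlparse(url if "://" in url else "https://" + url)
    host = (parsed.hostname or "").rstrip(".")  # urlparse lowercases the hostname
    if not host:
        return ("invalid", None)
    if host in SHORTENERS:
        return ("shortened", host)
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("punycode", host)  # internationalized label; may hide homoglyphs
    labels = host.split(".")
    domain = ".".join(labels[-2:])  # naive registrable domain; ignores public suffixes like co.uk
    if domain in trusted:
        return ("trusted", domain)
    # Fold the whole host so "rev0ke.cash", "revoke-cash.xyz" and "revoke.cash.example.net" all surface.
    host_key = normalize_handle(host.replace("-", ""))
    for t in trusted:
        if normalize_handle(t) in host_key:
            return ("lookalike", t)
    return ("unknown", domain)


if __name__ == "__main__":
    # Constructed sample inputs illustrating each verdict.
    for h in ["@ZachXBT", "Zach_XBT", "ZachXBT1", "peckshie1d", "vitalik"]:
        print(f"{h:12} -> {check_handle(h)}")
    for u in ["https://app.revoke.cash/address/0xabc", "https://rev0ke.cash/claim", "revoke-cash.xyz",
              "https://revoke.cash.example.net/", "https://metarnask.io/", "https://bit.ly/xxxx",
              "https://xn--test-abc.example/", "https://example.org/docs"]:
        print(f"{u:40} -> {check_link(u)}")
```

Treat every verdict other than "trusted" as a reason to slow down: a "shortened" or "punycode" link should be expanded or inspected before opening, and a "lookalike" handle or domain is exactly the pattern the Impersonation section warns about. The folding is deliberately aggressive (it will occasionally flag an innocent name), which is the right trade-off for a pre-click check.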
Crypto Twitter is where the action happens. But not all of that action is the kind you want to be part of. Stay vigilant and stay skeptical!