DeFiHackLabs Logo
Leaderboard
Language:

Web3 Phishing Challenges

These educational simulations help you understand and identify common Web3 phishing attacks, learning how to protect yourself in the decentralized world.
Warning: These simulations are for educational purposes only, all interactions are on test networks.

Beginner

Wallet Setup Guide

Learn how to set up a MetaMask wallet, securely store your seed phrase, and get test ETH from a faucet.

Start
Beginner

Seed Phrase Recovery Scam

Learn how scammers pose as wallet support staff to trick you into revealing your seed phrase, giving them complete access to your funds.

Start
Beginner

USDC Approval Phishing

Learn how phishing sites can trick you into approving unlimited token spending, potentially draining your wallet.

Start
Beginner

Airdrop Scam

Experience how fake airdrops can trick users into sending ETH to malicious contracts under the guise of claiming tokens.

Start
Beginner

USDT Approval Phishing

Learn how phishing sites can request unlimited USDT approvals, a common phishing strategy.

Start
Beginner

Fake Token Airdrop

Learn to identify phishing attempts that use fake domains similar to legitimate ones in token airdrop scams.

Start
Beginner

Fake Staking Contract

Learn how scammers create fake staking contracts to trick you into sending your assets to them.

Start
Beginner

Telegram Token Phishing

Learn how scammers use fake Telegram bots to trick users into revealing their seed phrases to claim fake token airdrops.

Start
Beginner

Punycode Phishing Attack

Learn how attackers use Punycode to create visually identical domains that mimic legitimate websites like Trezor.

Start
Beginner

Clipboard Phishing

Learn about clipboard-based phishing attacks that secretly replace cryptocurrency addresses during copy-paste operations.

Start Challenge
Beginner

Google Search Ad Phishing

Learn to identify phishing websites that appear in sponsored Google search results with similar domain names.

Beginner

Microsoft Teams Malware Phishing

Experience a simulated Microsoft Teams phishing attack that tricks users into downloading malware. Learn how to identify suspicious meeting invitations and safely verify files before opening them.

Start Challenge
Intermediate

TransferFrom Zero Transfer Scam

Learn how scammers use zero-value transfers to confuse users and potentially trick them into making mistakes.

Start
Intermediate

Seaport Zero Order NFT Phishing

Learn how attackers use zero price Seaport orders to trick NFT owners into giving away their assets for free.

Start
Intermediate

Blind Signature Phishing

Understand the dangers of different Ethereum signature methods and how they can be exploited in phishing attacks.

Start
Intermediate

Address Prefix/Suffix Phishing

Test your ability to identify your own wallet address among similar-looking ones with identical prefixes and suffixes.

Start
Intermediate

Uniswap Permit2 Phishing

Learn how scammers exploit Uniswap's Permit2 authorization system to steal tokens and why revoking approvals isn't enough.

Start
Intermediate

Discord Bookmark Attack

Learn how malicious bookmarks can be used to steal Discord tokens and compromise accounts. Complete the challenge by identifying the attack vector and answering security questions.

Start Challenge
Intermediate

DeFi Proxy Security Update

Important: Your DeFiSaver Proxy contract needs a security update!.

Start
Intermediate

Malicious RPC Provider

Learn how malicious RPC providers can manipulate transaction data and steal your assets.

Start
Intermediate

Telegram Fake Safeguard Scam

Learn how scammers use fake Telegram Safeguard verification to trick users into executing malicious code.

Start
Intermediate

Emergency DAO Proposal

Urgent: Your DAO needs your vote on a critical security proposal!

Start
Intermediate

Advanced Governance Phishing

Learn about sophisticated governance phishing attacks and how to protect your voting power in DAOs.

Start Challenge
Intermediate

X (Twitter) Phishing

Learn about the risks of X (Twitter) phishing.

Start
Intermediate

Tornado Cash Phishing

Learn to identify phishing indicators in a fake Tornado Cash interface. Can you spot the differences that could save your funds?

Start Challenge
Intermediate

Token Precision Phishing

Learn how attackers exploit token decimal precision to make tiny amounts appear as large balances in your wallet.

Start
Advanced

NFT Approval Phishing

Learn how phishing sites can trick you into approving all your NFTs for transfer, potentially losing your valuable digital assets.

Start
Advanced

Uniswap V3 Multicall Phishing

Discover how attackers abuse legitimate Uniswap V3 Multicall contracts to steal assets through deceptive permit signatures.

Start
Advanced

Function Selector Phishing

Decode transaction data to understand how function selectors work and why you should verify what function you're actually calling.

Start
Advanced

Safe Proxy Contract Attack

Learn how to identify and prevent proxy contract attacks through this interactive demonstration.

Start
Advanced

Transaction Simulation Spoofing

Explore how attackers exploit the time gap between transaction simulation and execution to drain wallets despite safe-looking previews.

Start
Advanced

X (Twitter) OAuth DoubleClickjacking

Learn about the new DoubleClickjacking technique that can bypass X-Frame-Options and frame busting defenses. This challenge simulates a Twitter OAuth phishing attack that uses this advanced technique.

Start Challenge
Advanced

Fake CAPTCHA Phishing

Learn to identify and avoid fake CAPTCHA verification pages that try to trick users into running malicious commands.

Start Challenge