Is this a crypto fake-site trick site? Check before connecting your wallet
Reviewed 2026-06-25
Answer: Crypto fake-site trick sites copy real apps pixel-for-pixel to trick you into signing a malicious request. Before connecting your wallet, check the exact URL for impersonation, suspicious airdrop lures, and lookalike domains — verify first, connect second.
Who this is for
DeFi users interact with many contracts, and each connection leaves an approval that never expires on its own. Over time those approvals accumulate into a large attack surface. This page covers the checks experienced DeFi users run to keep their exposure under control.
The problem
One fake site that looks exactly like the real one is all it takes. The trap arrives through a DM, an ad, or an airdrop notification, and the signature you sign may drain your wallet before you notice anything is wrong.
Most people only check after something goes wrong. A scan takes under a minute and surfaces the specific flags that matter — before you commit to any action.
Warning signs to watch for
- The URL is a near-exact copy of a known brand with one letter changed
- The page arrived via a DM, social-media ad, or unexpected airdrop notification
- There is strong pressure to connect your wallet or sign immediately
- The domain was registered recently or the SSL certificate is from a free authority
- The site requests approval for an unfamiliar or unusually powerful contract
Any one of these is a reason to check before acting. Several at once is a reason to stop entirely.
How to protect yourself
Check any URL before connecting your wallet to it. A scan flags known fake-site trick domains, lookalike patterns, and suspicious airdrop lures before you expose your wallet to anything.
- Open https://app.web3defender.tech and select the url scanner.
- Enter the address, token contract, or URL you want to check.
- Read the risk score and the specific flags returned.
- Revoke any approvals flagged as risky — revoke is a standard transaction.
- Re-scan after any new protocol connection or airdrop claim.
What the scanner checks
The url scanner runs against on-chain data and returns a 0–100 risk score with the specific flags that contributed to it. No off-chain assertions are trusted. No transaction is sent during a scan — it is entirely read-only.
For individuals, the free check covers the most common threats. For teams and funds, batch API access is available with structured output for compliance workflows and audit logs.
General habits that compound the protection
- Check before connecting — not after. A scan takes less time than it takes to regret skipping it.
- Revoke approvals to contracts you no longer use. Unlimited approvals that sit idle are the most common attack surface in DeFi.
- Open dApps from bookmarks or by typing the URL yourself — never from links in DMs, emails, or ads. The URL is the single most reliable signal you control.
- Treat urgency as a signal to slow down. Every social-engineering attempt creates false time pressure. If something feels rushed, that feeling is the warning sign.
- Verify independently. Legitimate services never DM you first or ask you to sign anything outside the official app.
Frequently asked questions
Do old token approvals ever expire automatically?
Only if the contract or token standard includes an expiry — most do not. Standard ERC-20 approvals are indefinite. Revoke approvals to any contract you no longer use.
Is revoking an approval free?
Revoking is a standard on-chain transaction and costs a small amount of gas. The cost is typically under a dollar on mainnet and much less on L2 chains.
Which approvals carry the highest risk?
Unlimited approvals (max uint256) to unverified or inactive contracts carry the most risk. Also watch for approvals to bridges or aggregators you used once and never returned to.
Is the scanner free to use?
Yes. A free check is available at https://app.web3defender.tech. No account is required for individual checks.
How long does a scan take?
Most scans complete in under fifteen seconds. Results include a risk score and the specific flags that contributed to it.