Trust Issues: Zscaler Warns Web3 Isn’t Ready for GenAI Phishing Attacks


Your wallet is safe. Your attention isn’t. Zscaler’s new report warns that phishing attacks in Web3 have gone from email blasts to AI-powered deception—targeting users, tools, and trust.

The foundational ethos of the crypto space is ‘trust the code.’ However, in 2025, the primary vulnerability lies not within the code itself, but in the users:

  • their habits, 
  • shortcuts, 
  • devices, 
  • attention. 

According to Zscaler’s ThreatLabz, attackers are leveraging advanced techniques, outpacing the security efforts of many rapidly scaling Web3 startups.

A new report from the cloud security leader, Zscaler, reveals a sharp shift in the phishing landscape. Based on over two billion blocked phishing attempts in 2024, the findings are as clear as they are chilling: mass phishing is out, precision phishing is in. And the Web3 world—fast-moving, remote-first, and interface-obsessed—is sitting in the center of the blast radius.

“The phishing game has changed. Attackers are using GenAI to create near-flawless lures and outsmart even AI-based defenses,” says Deepen Desai, Chief Security Officer at Zscaler.
Cover of the Zscaler ThreatLabz 2025 Phishing Report, which analyzes over two billion phishing attempts to uncover how GenAI is transforming the cyber threat landscape. Source: zscaler.com


The Code Was Fine—The Trust Wasn’t

The report’s central message for crypto teams is stark: while smart contracts may be secure, users remain the primary target. Indeed, the most successful attacks in 2024 bypassed code vulnerabilities entirely, relying instead on convincing interfaces, familiar branding, and exploiting a sense of urgency.

In the past, phishing meant mass emails. 

Today, it means:

  • Spoofed wallets, 
  • Malicious AI agents, 
  • Fake DevOps tools, 
  • Real-time impersonation of your IT team.

Web3 doesn’t get a pass. It gets targeted.

Vishing Makes Its Way Into Web3 IT Desks

One of the sharpest spikes in 2024 was in vishing—voice phishing attacks where bad actors call startup employees pretending to be from their internal IT department. Using breached credentials and malware logs, they build credibility fast.

Zscaler’s report notes how DevOps engineers, remote designers, and even DAO moderators are falling for these calls. The attacker doesn’t need to sound like your CTO. They just need to know what tool your team uses—and when someone’s off-guard enough to approve an “urgent access request.”


Phishing-as-a-Service Hits Your Wallet First

The scariest part? Many phishing pages today look better than the real thing.

The report highlights a surge in fake crypto exchanges and wallet clones, targeting unsuspecting users through:

  • SEO manipulation (search engine poisoning),
  • Fake Telegram bots,
  • Scam social ads offering “airdrops” or “upgraded features.”

These cloned sites capture private keys or login sessions, then drain funds. For newer users and solo traders, there’s no clear red flag—just the wrong link.

It’s a fundamental breakdown of interface trust. And as more crypto apps migrate to browser-based wallets, the surface grows faster than the defenses.

Donut chart showing most targeted industries for phishing in 2024, led by manufacturing, services, and education.
Breakdown of phishing targets by industry in 2024. Despite a 32.8% drop in attacks, tech and communication companies remain high-risk, while manufacturing and services lead as top targets. Source: zscaler.com

Fake AI Agents, Real Wallet Drains

As Web3 builders increasingly adopt generative AI tools (ChatGPT, Gemini, and open-source LLMs), they’re also becoming targets of a new kind of phishing: fake AI platforms.

The lure is simple:

  • “Access GPT-5 early,”
  • “Train your own bot,”
  • “Run on-chain AI with one click.”

One wrong download and your dev environment is compromised. The attackers don’t need to find your mnemonic, they just need a backdoor into the laptop that holds it.

According to ThreatLabz, these campaigns now spread via YouTube ads, X threads, and Discord invites. 

The attack is weaponized marketing, not a hack.


One of the most interesting revelations in Zscaler’s 2025 report is that global phishing is down 20% year-over-year. That sounds like good news—until you look closer.

Phishing isn’t shrinking. It’s concentrating.

Attacks in 2024 focused on fewer targets with greater precision:

  • India overtook the UK in attack volume.
  • Germany and Canada saw major spikes.
  • In all five leading countries, tech companies were among the most hit.

Why? Because these are cloud-native markets with massive startup ecosystems. Crypto, fintech, AI, SaaS—it’s one big surface area. And no, your .xyz domain doesn’t make you invisible.

Global phishing heatmap from Zscaler’s 2025 report, highlighting the top 10 most targeted countries for phishing attacks—including the U.S., India, Germany, and Brazil. Source: zscaler.com

Zscaler’s View: Zero Trust, or Zero Chance

Zscaler isn’t just observing these shifts—it’s arguing for a response. The company frames phishing in 2025 as an AI arms race, where the only real defense is AI-powered Zero Trust architecture.

This means:

  • Inspecting encrypted traffic without decryption risks,
  • Validating device posture before granting app access,
  • Blocking suspicious AI interactions and spoofed domains in real time.

“Organizations must leverage equally advanced AI-powered defenses to outpace these emerging threats,” says Desai.

For crypto teams, this means going beyond hardware wallets and browser extensions. 

It means securing the people layer. Because attackers already moved there.

Deepen Desai, Chief Security Officer at Zscaler, leads the company’s global security research operations and cybersecurity innovation strategy. Source: zscaler.com


The Smartest Hacks Don’t Touch Code

In crypto, we don’t trust. We verify.

But 2025 is testing that maxim. Not at the protocol level—but at the product, user, and founder level. Because the thing phishing exploits best isn’t your smart contract.

It’s your confidence.

And as Zscaler warns: the next breach probably won’t come through your backend. It’ll come through the front door. And will wear your brand colors and ask politely for access.
