
Ice Phishing

Jun 2, 2026 | Updated Jun 2, 2026
Ice Phishing is a scam where a user is tricked into signing a malicious token approval or smart-contract authorization.

What Is Ice Phishing?

Unlike classic phishing, which may try to steal a Secret Recovery Phrase, ice phishing targets the approvals a wallet grants to token, NFT, or smart-contract spenders. In these attacks, the victim signs an approval or operator authorization that can later be abused to transfer assets without requiring further user consent.

A common example is setApprovalForAll for NFTs or a token allowance approval for fungible tokens. Depending on the approval scope, an attacker may be able to transfer only specific tokens or gain broader operator rights over an entire collection. The attacker may not drain the wallet immediately: some approvals are exploited right away while others are held and used later, which makes the attack easy to miss.

How Does Ice Phishing Work?

Ice phishing often relies on confusing transaction prompts or poor visibility into what a smart contract is asking you to approve.

  1. You visit a fake DeFi site, NFT mint page, or claim page that imitates a legitimate service.
  2. The site asks you to approve a token allowance or operator permission.
  3. If the wallet prompt is unclear, you may sign without realizing the approval is broad.
  4. The attacker uses that approval to transfer only the assets covered by it, either immediately or at a later point.

How to Stay Secure

The best defense is to carefully verify approvals before signing and to revoke unnecessary approvals regularly.

  • Verify on the Device: Review the exact approval, spender address, and asset details on the hardware wallet screen. Where possible, use apps that utilize Clear Signing to display transaction details in plain, human-readable language rather than opaque raw data.
  • Avoid Unclear Prompts: Treat generic warnings, raw data screens, or prompts you cannot interpret as high risk. Human-readable details are necessary, but not sufficient; a clearly displayed prompt still requires careful scrutiny before signing.
  • Audit Approvals: Periodically check and revoke old token approvals and operator permissions you no longer need using reputable revoke tools.
  • Utilize a Secure Screen: Using a device with a secure screen, such as a Ledger signer, is more reliable than a computer or phone screen, which can be manipulated by malware. Pair this with careful review of the spender address and approval scope before confirming, since readable details only protect you if you check what they actually say.
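
What a readable approval prompt has to extract from the raw transaction data, shown as an added example (not Ledger's code): it decodes calldata for ERC-20 approve and NFT setApprovalForAll into spender and scope. The function name decode_approval, the sample calldata, and the spender address are constructed for illustration.

```python
# Added example: decode the approval calls discussed above from raw calldata.
# A selector is the first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "095ea7b3": ("approve(address,uint256)", "amount"),
    "a22cb465": ("setApprovalForAll(address,bool)", "operator"),
}
MAX_UINT256 = 2**256 - 1


def decode_approval(calldata_hex):
    """Describe an approval call; return None for any other function."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    entry = SELECTORS.get(data[:8])
    if entry is None:
        return None
    signature, kind = entry
    args = data[8:]
    if len(args) != 128:  # two 32-byte ABI words: address, then value
        raise ValueError("malformed arguments for " + signature)
    if int(args[:24], 16) != 0:  # an address occupies only the low 20 bytes
        raise ValueError("non-zero padding in address word")
    value = int(args[64:], 16)
    info = {"function": signature, "spender": "0x" + args[24:64]}
    if kind == "operator":
        info["scope"] = "entire collection" if value else "operator revoked"
    elif value == 0:
        info["scope"] = "allowance revoked"
    elif value == MAX_UINT256:
        info["scope"] = "unlimited"
    else:
        # ERC-20 amount in base units, or a token id if the contract is
        # ERC-721; calldata alone cannot distinguish the two.
        info["scope"] = "value " + str(value)
    return info


# Constructed sample inputs (the spender address is a placeholder).
SPENDER_WORD = "00" * 12 + "11" * 20
SAMPLES = {
    "nft_operator": "0xa22cb465" + SPENDER_WORD + "00" * 31 + "01",
    "unlimited_erc20": "0x095ea7b3" + SPENDER_WORD + "ff" * 32,
    "plain_transfer": "0xa9059cbb" + SPENDER_WORD + "00" * 31 + "01",
}

if __name__ == "__main__":
    for name, calldata in SAMPLES.items():
        print(name, decode_approval(calldata))
```

The decoded spender still has to be compared against the address the legitimate service publishes; decoding only makes the request legible.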
