These links fooled people who knew better.

Not because they were careless. These attacks are designed to fool anyone who looks at them carefully. The warning signs are never in how a link looks. They are hidden in the setup behind it.

Four scenarios. In each one, the facts were there before anyone clicked.

Scenario 1

The "claim your free tokens" link posted in your group

The situation

A Telegram group you're in, 14,000 members, active community, legitimate project. Someone posts a link promising free tokens to early members. The message looks official. The website address looks like the real one. A dozen people have already replied saying they claimed theirs.

What Unphurl returned

Unphurl bot output for uniswap-airdrop.com: Confirmed Threat Database Match, ScamSniffer listed, impersonating Uniswap, bulletproof hosting, redirect chain incomplete

When you connect your crypto wallet to a site like this, it asks permission to move your money. One tap to approve, and everything in your wallet is gone.

Scenario 2

The support DM with a verification link

The situation

You posted in a project's Discord about a transaction issue. Within minutes you get a DM from someone with an official-looking username and a project avatar. They send a link to "verify your wallet" to resolve the issue.

What Unphurl returned

Unphurl bot output for metamask-verify.com: Confirmed Threat Database Match, ScamSniffer listed, impersonating MetaMask, no MX record

Legitimate projects don't DM you first and ask you to verify your wallet. But the link looked real enough that people clicked.

Scenario 3

The app that looked exactly like the real one

The situation

A well-known crypto app is launching a new feature. Someone posts a link in Discord. The web address looks almost identical to the real one. You've used the real app before. The page looks exactly the same. You connect your wallet.

What Unphurl returned

Unphurl bot output for app-uniswap.org: Confirmed Threat Database Match, ScamSniffer listed, impersonating Uniswap, no MX record

The moment your wallet connected, the fake site asked permission to move everything in it. One tap to confirm, and it would all be gone.

Scenario 4

The 'verify your account' email that wasn't from the exchange

The situation

An email arrives that looks exactly like a message from your exchange. Same logo, same formatting, same footer. The subject line says your account needs re-verification. There's a link. You've seen emails like this from them before.

What Unphurl returned

Unphurl bot output for binance-verify.com: Risk Signals Found, impersonating Binance, redirect chain incomplete, no MX record

Real exchange emails come from the exact address you've seen before. This domain had never sent or received an email. It was registered only to send this one.

The facts are always there before anyone clicks.

Add @Unphurl_bot to Telegram. Free to start, no credit card.

Add the @Unphurl_bot to Telegram