What exactly is approval phishing? It's a theft method that moves your assets without stealing your private key. The attacker sets up an official-looking site (often branded as a "limited-time airdrop") and lures you to connect your wallet and sign a transaction. You think you're "claiming an airdrop," but what you actually sign is an approval to "let this contract spend your tokens without limit" or "move all your NFTs." Once the approval takes effect, they can drain your assets without your knowledge. Throughout, your private key and seed phrase were never leaked.
Why do you get hit even with the key safe? Because the theft happens at the signature layer, not the key layer. Every on-chain action requires a private-key signature to authorize, but your wallet usually doesn't hand over the key itself — it signs an instruction locally and sends that. The catch is what's in that instruction: it could be a harmless transfer or a dangerous unlimited approval. The attacker doesn't need your key; they just need to trick you into "agreeing to sign" a dangerous instruction. That's why guarding your key is just the basics, while understanding every signature is the real defense.
How do you tell whether a signature is safe? Check three things. First, type: is it a plain "transfer" or an "approval" (approve / setApprovalForAll)? Approvals deserve extra caution. Second, amount: is the approved quantity a specific, reasonable number, or "unlimited"? Unlimited approval is the biggest red flag. Third, target: do you recognize the contract address being approved? Is it the legitimate protocol you're actually using? If any one of these is unclear or feels off, cancel. Ten extra seconds to look closely beats an unrecoverable loss afterward.
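The three checks above, applied to raw calldata, as an added example (not code from this article or from any wallet): it names the function from its standard 4-byte selector, flags unlimited allowances using an assumed cut-off of 2**128, and flags spenders or operators that are not on a list of contracts you recognise. The sample calldata and the placeholder addresses are constructed here.

```python
# Added example, not code from the article: a defender-side pre-sign check that applies
# the three tests above (type, amount, target) to raw EVM calldata.
UINT256_MAX = (1 << 256) - 1
# Assumption of this example: an allowance >= 2**128 is "effectively unlimited" (heuristic).
UNLIMITED_FROM = 1 << 128
# Standard 4-byte selectors: first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "a9059cbb": ("transfer", "transfer"),           # transfer(address,uint256)        ERC-20
    "095ea7b3": ("approve", "approval"),            # approve(address,uint256)         ERC-20
    "a22cb465": ("setApprovalForAll", "approval"),  # setApprovalForAll(address,bool)  ERC-721/1155
}

def decode_call(calldata: str) -> dict:
    """Split calldata into selector + 32-byte ABI words and name the function."""
    data = bytes.fromhex(calldata.removeprefix("0x"))
    if len(data) < 4 or (len(data) - 4) % 32:
        raise ValueError("malformed calldata")
    name, kind = SELECTORS.get(data[:4].hex(), ("unknown", "unknown"))
    call = {"function": name, "kind": kind}
    if kind != "unknown":
        words = [data[i:i + 32] for i in range(4, len(data), 32)]
        if len(words) < 2:
            raise ValueError("truncated arguments")
        call["target"] = "0x" + words[0][12:].hex()    # recipient / spender / operator
        call["value"] = int.from_bytes(words[1], "big")  # amount, or 1/0 for the bool
    return call

def assess(calldata: str, trusted_spenders: set) -> dict:
    """Return 'ok' or 'cancel' plus the red flags found, following the three checks."""
    call = decode_call(calldata)
    flags = []
    if call["function"] == "approve":
        if call["value"] >= UNLIMITED_FROM:
            flags.append("unlimited allowance")
        if call["target"] not in trusted_spenders:
            flags.append("spender is not a contract you recognise")
    elif call["function"] == "setApprovalForAll" and call["value"] == 1:
        if call["target"] not in trusted_spenders:
            flags.append("unrecognised operator over every NFT in the collection")
    elif call["kind"] == "unknown":
        flags.append("cannot decode the instruction; do not sign what you cannot read")
    return {"verdict": "cancel" if flags else "ok", "call": call, "flags": flags}

def encode_call(selector: str, address: str, value: int) -> str:
    """Build sample calldata for the demo (constructed, not a captured transaction)."""
    addr = bytes.fromhex(address.removeprefix("0x")).rjust(32, b"\0")
    return "0x" + selector + addr.hex() + value.to_bytes(32, "big").hex()

# Constructed sample: the "airdrop" page's unlimited approve to a placeholder spender.
SAMPLE_APPROVAL = encode_call("095ea7b3", "0x" + "de" * 20, UINT256_MAX)
```

Running `assess(SAMPLE_APPROVAL, set())` returns a "cancel" verdict with both the unlimited-allowance and unrecognised-spender flags; the same approve with a bounded amount to a spender in your trusted set returns "ok".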
Follow this five-point checklist. One: always read the content before signing, distinguish "transfer" from "approval," and cancel on sight of unlimited approval. Two: always remember a legitimate airdrop needs no approval signature and never asks for your seed phrase. Three: periodically use an approval-management tool to review and revoke old or suspicious approvals. Four: keep large assets in a cold wallet and use the hardware wallet's clear signing to double-confirm on the device. Five: keep only small amounts in your daily hot wallet, and separate the wallet you interact with from the one storing large funds. Make these five reflexive and you'll dodge the mainstream on-chain theft playbooks.