Glossary
Ice Phishing
A phishing technique that tricks the victim into signing a token approval or `setApprovalForAll` — granting the attacker permission to drain the wallet later.
Most crypto phishing in 2023–2024 was "ice phishing", a term coined
by Microsoft. The malicious site asks the user to sign an innocent-
looking transaction that is actually a token approval — typically
approve(attacker, MAX_UINT256) for an ERC-20, or
setApprovalForAll(attacker, true) for NFTs.
No funds move at signing; the wallet looks normal. The attacker returns later — sometimes weeks later — and uses the approval to drain everything the contract is approved on. Hardware wallets that show approval scopes, transaction simulators, and periodic approval revocation are the standard defenses.