Increasingly sophisticated phishing attacks in Web3—such as malicious smart contract logic, compromised frontend scripts, and anomalous token approvals—pose severe threats to user assets and undermine trust in decentralized applications. Method: This paper proposes a real-time risk detection framework based on multimodal transaction simulation. It is the first to jointly model user interface (UI) elements and on-chain behaviors by executing sandboxed transaction simulations to extract behavioral, contextual, and UI features. The framework employs multiple large language models (LLMs) for intent inference, integrates a multi-LLM consensus mechanism, and incorporates a self-reflective decision module to enhance robustness and interpretability. Contribution/Results: Evaluated on a curated phishing dataset, our approach achieves significant improvements in precision and recall, effectively identifying three canonical attack patterns—malicious contracts, hijacked frontends, and unauthorized token approvals—thereby establishing a novel proactive paradigm for Web3 security.

Phishing attacks in Web3 ecosystems are increasingly sophisticated, exploiting deceptive contract logic, malicious frontend scripts, and token approval patterns. We present DeepTx, a real-time transaction analysis system that detects such threats before user confirmation. DeepTx simulates pending transactions, extracts behavior, context, and UI features, and uses multiple large language models (LLMs) to reason about transaction intent. A consensus mechanism with self-reflection ensures robust and explainable decisions. Evaluated on our phishing dataset, DeepTx achieves high precision and recall (demo video: https://youtu.be/4OfK9KCEXUM).