Record-breaking Crypto Phishing Attacks Linked to Fake X Accounts


The top 20 crypto phishing victims of the first half of the year lost $58 million, according to Scam Sniffer

According to blockchain security company Scam Sniffer, crypto phishing scams in the first half of this year stole $341 million, more than the $295 million taken by scammers in all of 2023.

Security expert and SlowMist founder Yu Xian said the phishing incidents in the first half of the year were very profitable for attackers. He added:

“There are 20 large accounts that have been phished for more than one million US dollars. Most of them are caused by the offline authorization signature of permit being phished away.”

Twenty individuals suffered losses exceeding $1 million each

The report shows that about 260,000 victims lost $314 million across all Ethereum Virtual Machine (EVM)-compatible chains between January and June 2024. Among them, the top 20 victims each lost over $1 million, adding up to $58 million. Notably, most of these users were tricked into signing several kinds of permit signatures.

The report indicated:

“In the Top 20 victim’s case, most of the thefts of all ERC20 tokens were due to signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2.”

During this period, the biggest loss was suffered by one user who lost $11 million, making them the world’s second-largest individual theft victim. This happened due to a permit signature phishing attack, where the user lost $11 million worth of aEthMKR and Pendle USDe tokens.
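
On the defensive side, the Permit and Permit2 signature types named in the report can be recognised before a wallet signs them. The following Python check is an added example, not code from Scam Sniffer or the original article: it reviews an EIP-712 signing request (the JSON a site passes to `eth_signTypedData_v4`) and flags EIP-2612 Permit and Uniswap Permit2 messages. The function names, the spender allowlist, the one-hour lifetime policy and the sample addresses are assumptions.

```python
# Typed-data primary types that grant token spending rights when signed:
# EIP-2612 "Permit" and the Uniswap Permit2 message types.
APPROVAL_TYPES = {"Permit", "PermitSingle", "PermitBatch",
                  "PermitTransferFrom", "PermitBatchTransferFrom"}
UNLIMITED = (2**160 - 1, 2**256 - 1)   # max uint160 (Permit2) / uint256 (EIP-2612)
MAX_LIFETIME = 3600                    # assumed policy: flag grants valid > 1 hour


def to_int(v):
    """Wallets pass numbers as ints, decimal strings, or 0x-hex strings."""
    s = str(v)
    return int(s, 16) if s.lower().startswith("0x") else int(s)


def review_signing_request(typed_data, trusted_spenders, now):
    """Return a list of warnings for an eth_signTypedData_v4 payload."""
    ptype = typed_data.get("primaryType")
    if ptype not in APPROVAL_TYPES:
        return []
    msg = typed_data.get("message", {})
    warnings = [f"{ptype}: signing this grants token spending rights off-chain"]
    spender = str(msg.get("spender", "")).lower()
    if spender not in {s.lower() for s in trusted_spenders}:  # assumed allowlist
        warnings.append(f"spender {spender or '<missing>'} is not on the allowlist")
    # Amounts sit at top level (EIP-2612) or nested in details/permitted (Permit2).
    grants = msg.get("details") or msg.get("permitted") or msg
    grants = grants if isinstance(grants, list) else [grants]
    for g in grants:
        amount = g.get("value", g.get("amount"))
        if amount is not None and to_int(amount) in UNLIMITED:
            warnings.append("unlimited amount requested")
            break
    deadlines = [msg.get("deadline"), msg.get("sigDeadline")]
    deadlines += [g.get("expiration") for g in grants]
    latest = max((to_int(d) for d in deadlines if d is not None), default=None)
    if latest is not None and latest - now > MAX_LIFETIME:
        warnings.append(f"grant stays valid for {latest - now} seconds")
    return warnings


# Constructed sample: EIP-2612 permit with unknown spender, max value, far deadline.
SAMPLE = {
    "primaryType": "Permit",
    "domain": {"name": "ExampleToken", "chainId": 1},
    "message": {"owner": "0x1111111111111111111111111111111111111111",
                "spender": "0x2222222222222222222222222222222222222222",
                "value": str(2**256 - 1),
                "nonce": "0", "deadline": "1893456000"},
}
```

IncreaseAllowance, the third type the report names, is an ordinary on-chain transaction rather than a typed-data signature, so it is outside what this check inspects.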

The report also revealed that most large thefts involved staking, restaking, Aave Collateral, and Pendle tokens. Pendle-related thefts made up 23.6% of the total, while restaking assets accounted for 19.5%. Aave Collateral thefts were at 18%, and staking thefts were around 8%.

Phishing attack tactics

Scam Sniffer reported that most phishing attacks were caused by fake accounts on X, formerly known as Twitter. Victims were directed to phishing websites through deceptive comments on the platform.

It stated:

“From Mist-Track intelligence and victim feedback, most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts.”

FAQs

What is Scam Sniffer?

Scam Sniffer is a blockchain security firm that specializes in identifying and analyzing fraudulent activities within the cryptocurrency space. They focus on detecting phishing scams, tracking stolen funds, and providing security insights to help protect users and organizations from malicious attacks.

What is Crypto Phishing?

Crypto phishing refers to fraudulent activities where scammers attempt to steal cryptocurrency from individuals or organizations through deceptive means. This typically involves tactics such as creating fake websites or emails that mimic legitimate cryptocurrency platforms or services. Scammers may trick users into providing their private keys, passwords, or other sensitive information, allowing them to access and steal digital assets.

Who typically falls victim to these scams?

Scammers typically do not target companies; they focus on individuals. These individuals are often singled out, targeted by fraudsters, or chosen randomly. They are encouraged to invest in seemingly profitable cryptocurrency schemes, often through dubious exchanges.

Moreover, in many cases, the operators of these exchanges simply abscond with the funds as soon as they are deposited. Alternatively, individuals may hand over money for a crypto-asset and either lose control of it or never truly gain control in the first place. Ownership of a crypto-asset is tied to possession of the private key, not necessarily to the initial investor.

Even if an investor holds the private key, there is still a risk of losing it or having it stolen. A common tactic is for fraudsters to establish a crypto exchange and mislead buyers about their holdings and the supposed rising value of their assets. However, when users attempt to withdraw funds, they discover they cannot access them.

The key takeaway from these scams is that anyone considering investing in cryptocurrency should only use reputable, well-known exchanges, which can be verified through basic internet research.

Common Types of Cryptocurrency Fraud and How They Operate

Watch out for these common cryptocurrency frauds:

    • Fake Exchanges and Investment Scams: Fraudulent schemes lure novice investors with promises of high returns through fake exchanges or investment opportunities, then disappear with deposited funds.
    • Social Engineering: Scammers use manipulative tactics to convince people to transfer money, which they convert into cryptocurrency to evade detection.
    • Pump and Dump Schemes: Promoters artificially inflate cryptocurrency prices with misleading information, then sell quickly to profit, leaving others with losses.
    • Fake ICOs: Scammers create phony initial coin offerings (ICOs) by promising new cryptocurrencies, collecting funds from investors, and disappearing without delivering.
    • Phishing and Malware: Hackers use phishing emails, fake websites, or malware to steal login credentials or private keys and gain access to cryptocurrency wallets.

Veronika Rinecker is an experienced journalist and media manager living in Germany. She studied international journalism and media management. Since 2021, she has been the Managing Editor for the DACH region at Qpcrypto, working in the crypto space. Veronika writes about topics like politics, regulation, energy, blockchain, and fintech for both Qpcrypto and Cointelegraph. She focuses on how digitalization and new technologies are changing the world.