Crypto Phishing Incidents Drain $104 Million in Early 2024
Over the first two months of this year, an estimated 97,000 users were affected by phishing incidents, culminating in a staggering $104 million in losses, according to data from the security firm Scam Sniffer. This included $57.7 million lost to phishing incidents in January and $46.8 million during February.
Users on Ethereum have been the prime target, with $78 million of the total losses associated with users’ assets such as ether and ERC20 tokens being drained.
The majority of the stolen funds were due to victims unwittingly signing malicious phishing signatures, including “ERC20 Permit” and “increaseAllowance” signatures. These signatures, when malicious, grant attackers access to the victim’s funds without their knowledge.
Phishing attacks can be a major concern because signing only one malicious signature may result in the loss of all assets stored in a wallet.
Scam Sniffer’s analysis also shed light on the tactics used by these cybercriminals, noting that a large number of victims were lured to phishing sites through deceptive comments on social media platforms, particularly Twitter. These comments, posing as legitimate accounts, attempt to direct users to malicious sites where their assets are compromised.
“Most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts,” Scam Sniffer noted.
The total funds lost by users to crypto phishing attacks amounted to $300 million during all of 2023.
ChatGPT
Phishing incidents persist as a significant threat to cryptocurrency users.
In the initial two months of this year, approximately 97,000 users fell victim to phishing schemes, resulting in a staggering $104 million in losses, according to data provided by the security firm Scam Sniffer. This comprised losses of $57.7 million in January and $46.8 million in February.
Users operating on the Ethereum network were predominantly targeted, with $78 million of the total losses attributed to the depletion of assets such as ether and ERC20 tokens.
A considerable portion of the stolen funds stemmed from victims unwittingly authorizing malicious phishing signatures, including those labeled as “ERC20 Permit” and “increaseAllowance.” These signatures, when manipulated, grant attackers unauthorized access to victims’ funds.
The gravity of phishing attacks lies in the fact that even a single inadvertent authorization of a malicious signature can lead to the complete loss of assets stored within a wallet.
Scam Sniffer’s analysis further elucidated the methods employed by cybercriminals, highlighting that a significant number of victims were enticed to phishing websites through deceptive comments on social media platforms, particularly Twitter. These comments, impersonating legitimate accounts, aim to redirect users to malicious sites where their assets are compromised.
“Most victims were lured to phishing websites through deceptive comments made by impersonated Twitter accounts,” noted Scam Sniffer.
The cumulative losses incurred by users due to cryptocurrency phishing attacks amounted to $300 million throughout the entirety of 2023.