Crypto Phishing attacks are getting worse, The stolen amount in the first half of 2024 is already higher than all of 2023.
Attackers are tricking users into approving fake transactions that steal their crypto.
Be aware of suspicious links, don’t share private keys, and use security tools to avoid becoming a victim.
The mid-year report of ScamSniffer reveals some worrisome tendencies of phishing attacks in the context of cryptocurrencies.
[1/8] ScamSniffer Mid-Year Phishing Report In H1 2024, 260k victims lost $314M across EVM chains. 20 people lost over $1M each, totaling $58M.
Compared to $295M stolen last year, this year hit that in just 6 months! pic.twitter.com/S1X3p3Ujj0
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) July 5, 2024
In particular, 260,000 victims suffered $ 314 million losses in the first half of 2024 on EVM chains, which exceeds the amount of $ 295 million stolen in the previous year.
These numbers have risen sharply, proving that the complexity and frequency of the phishing plans directed toward crypto clients are on the rise.
Here’s All You Need To Know:
A Record-Breaking Heist
In a striking development, 20 individuals fell victim to phishing attacks exceeding $1 million each, totaling a jaw-dropping $58 million.
Notably, one victim experienced a loss of $11 million, marking this as the second-largest crypto heist in history.
Deceptive Techniques on the Rise
The ScamSniffer report sheds light on the prevalent phishing tactics used in these thefts, including the use of Permit, IncreaseAllowance, and Uniswap Permit2 signatures.
Attackers frequently exploit seemingly legitimate services to redirect funds, resulting in significant asset losses.
In some cases, victims were lured to phishing sites through deceptive comments on Twitter, often from accounts impersonating reputable brands.
Phishing groups now utilize bot accounts to post initial comments on tweets from official and high-profile projects, employing social engineering tactics to trick users into interacting with fraudulent forms on fake websites.
Breaking Down the Phishing Attacks
Assets Targeted:
Staked Assets: Significant losses were reported concerning staked assets, which become irretrievable once compromised due to Permit support.
Other targeted assets included staking, restaking, Aave collateral, and Pendle tokens. These attacks suggest that attackers are focusing on high-value and highly liquid assets within the crypto sphere.
Common Attack Vectors:
Credential Stuffing and Fake Wallets: Credential stuffing and fake wallets were commonly employed tactics. Phishing attempts often occurred via comments under tweets from key accounts, with bots mimicking authoritative profiles.
Effective Prevention Strategies
To safeguard your crypto assets and avoid becoming a victim, consider these crucial prevention tips:
Enhance visibility:
Improving the visibility of phishing signatures can help combat these attacks. Better display and recognition can significantly reduce the likelihood of falling victim to phishing schemes.
User education:
Training users to avoid granting sign permissions and interacting with malicious links is essential. Awareness campaigns and informative tools can empower users to make informed decisions and navigate the crypto landscape with greater safety.
Secure storage:
Avoid storing private keys on cloud services or sharing them through instant messaging platforms like WeChat. Implementing robust safeguarding measures is crucial to preventing unauthorized access to your keys.
Verification tools:
Use security detection tools to verify the legitimacy of tokens and prevent fraud. These tools complement tokenization benefits by helping users validate tokens and avoid scams.