The Ethereum mainnet continues to be the chain of choice for scammers as data from anti-scam firm Scam Sniffer today (9 February 2024) reveals that during the last month of January, $55million was stolen in phishing scams across Ethereum Virtual Machine (EVM) chains.
Phishing for crypto
As per a blog from Scam Sniffer, January 2024 was a particularly bad month for phishing scam victims with approximately 40k people losing just under $55million in just one month. All EVM chains, such as Polygon, Avalanche, Optimism, BNB, and others were hit.
Wallets holding large sums are ideal targets, with the top seven victims sharing a total loss of $17m.
As per Scam Sniffer, common methods used by hackers included ERC-20 Permit function and increaseAllowance signature exploits, which were used to deceive users into transferring funds from their non-custodial wallets thinking they were legit operations.
According to the report, scammers created 11,000 phishing websites in January. These sites impersonated the likes of Manta Network, Dymension, zkSync, Opensea, Pyth, and others, with nine websites being found to have active wallet drainers.
Seemingly, phishing attacks tend to spike during periods of airdrops or project events. These can be especially prevalent during bull runs also, with a majority of victims being baited onto illegitimate websites by comments from fake accounts.
Scams on the decline?
According to a 2023 summary report from Scam Sniffer, around 324,000 users fell victim to crypto phishing scams that year, with wallet drainers on these malicious sites stealing approximately $295.5m from victims.
Wallet drainers are a particularly effective malware deployed onto these websites. These sites trick users into signing false transactions with their wallets, enabling scammers to easily steal their funds.
Despite this, other end-of-year reports detailing the state of crypto scams, hacks, and other malicious activities noted that there had been a rather large decline in losses over the past year. Previously, we reported that $1.8bn was lost in 2023, which is over half of what it was in 2022 when crypto security incidents totaled $3.7bn.
With any luck, this downtrend will continue as the crypto community, industry, and others work to stifle the efforts of malicious actors that plague the space.
Scam Sniffer has a Web3 Scam Database that contains thousands of domains and addresses of malicious websites and wallet addresses, which users are urged to review, especially when they suspect something is wrong.