3 min read
Dymension, OpenSea And Pyth Last Month Targeted In $55m Phishing Scams Last Month
AI Overview
January 2024 saw roughly 40,000 victims lose about $55 million to phishing across EVM chains, with attackers leveraging wallet drainers and ERC‑20 permit/increaseAllowance exploits to empty non‑custodial wallets.
- Scale & targets: 40k victims and ~$55M stolen in one month; top seven wallets lost $17M; Ethereum mainnet and other EVM chains were primary targets.
- Common attack vectors: About 11,000 phishing sites were created, using wallet drainers and signature exploits to trick users into signing malicious transactions.
- Business risk & response: Overall losses fell in 2023 versus 2022, but airdrops/events spike attacks; firms should monitor Scam Sniffer’s database and strengthen wallet UX and risk controls.
The Ethereum mainnet continues to be the chain of choice for scammers as data from anti-scam firm Scam Sniffer today (9 February 2024) reveals that during the last month of January, $55million was stolen in phishing scams across Ethereum Virtual Machine (EVM) chains.
Phishing for crypto
As per a blog from Scam Sniffer, January 2024 was a particularly bad month for phishing scam victims with approximately 40k people losing just under $55million in just one month. All EVM chains, such as Polygon, Avalanche, Optimism, BNB, and others were hit.
Wallets holding large sums are ideal targets, with the top seven victims sharing a total loss of $17m.
As per Scam Sniffer, common methods used by hackers included ERC-20 Permit function and increaseAllowance signature exploits, which were used to deceive users into transferring funds from their non-custodial wallets thinking they were legit operations.
According to the report, scammers created 11,000 phishing websites in January. These sites impersonated the likes of Manta Network, Dymension, zkSync, Opensea, Pyth, and others, with nine websites being found to have active wallet drainers.
Seemingly, phishing attacks tend to spike during periods of airdrops or project events. These can be especially prevalent during bull runs also, with a majority of victims being baited onto illegitimate websites by comments from fake accounts.
Scams on the decline?
According to a 2023 summary report from Scam Sniffer, around 324,000 users fell victim to crypto phishing scams that year, with wallet drainers on these malicious sites stealing approximately $295.5m from victims.
Wallet drainers are a particularly effective malware deployed onto these websites. These sites trick users into signing false transactions with their wallets, enabling scammers to easily steal their funds.
Despite this, other end-of-year reports detailing the state of crypto scams, hacks, and other malicious activities noted that there had been a rather large decline in losses over the past year. Previously, we reported that $1.8bn was lost in 2023, which is over half of what it was in 2022 when crypto security incidents totaled $3.7bn.
With any luck, this downtrend will continue as the crypto community, industry, and others work to stifle the efforts of malicious actors that plague the space.
Scam Sniffer has a Web3 Scam Database that contains thousands of domains and addresses of malicious websites and wallet addresses, which users are urged to review, especially when they suspect something is wrong.
Thank you for your feedback! We’re glad you found this article helpful.
An error occurred while sending the form, please try again.
We are sorry. You've already sent a message within the last 60 seconds. Please wait before sending another.
Thank you for letting us know! Our team will review your feedback to help improve our content.
We're sorry you did not find what you were looking for. Please select the reason this article was not helpful.
You’re in. Thanks for joining our newsletter. 
