Crypto phishing scams surge, $314M stolen in first half of 2024

In this post:

  • Phishing scammers stole $314 million from 266,713 people within the first six months of 2024.
  • The biggest loss was suffered by a MakerDAO delegate who lost over $11 million lost in staked Maker and Pendle tokens.
  • Scam Sniffer noted that the scammers heavily depended on impersonating legitimate crypto projects on X to lure their victims.

Blockchain security firm ScamSniffer’s mid-year report revealed that over 260,000 individuals lost $314 million to phishing scams across all Ethereum virtual machine (EVM) chains during the first half of this year.

Also Read: FBI warns of new crypto scams involving fake law firms

According to the firm, this figure exceeds the $295 million lost to phishing attacks throughout 2023, highlighting a significant increase in scam activity within the crypto industry. Market analysts have attributed the rise to the growing sophistication of phishing attacks and the higher value of cryptocurrencies

Around $60 million was lost in top 20 phishing thefts

ScamSniffer’s data indicates that March was the peak month for crypto scammers in 2024, with $71.5 million stolen from over 77,000 victims. Although this amount dropped to around $40 million in April, it has gradually increased, showing that scammers are regaining momentum.

A breakdown of the stolen funds reveals that the top 20 victims lost $58 million, each losing more than $1 million. The largest incident during the reporting period involved a MakerDAO delegate losing $11 million in staked Maker and Pendle tokens.

Crypto phishing scams
$314 million was lost by 266,713 victims in the first six months of 2024 (Source: ScamSniffer)

For the top 20 cases, nearly all victims unwittingly signed phishing signatures, allowing scammers access to their wallets. Common phishing signatures include Permit, IncreaseAllowance, increaseApproval, and Uniswap Permit 2.

Notably, most of these large thefts involved assets used for staking, Aave collateral, Pendle tokens, and restaking. While these decentralized finance (DeFi) activities offer great yields, they come with significant risk due to the tokens’ support for Permit, making them vulnerable to phishing attacks.

Twitter impersonators are responsible for most phishing attacks

An analysis of victim reports and on-chain data shows that most phishing scams begin with comments from impersonator accounts on Twitter. Verified accounts, including those with the gold checkmark for businesses, often impersonate popular crypto projects, posting comments with phishing links under their posts.

Also Read: Blockchain security firm warns TON users about phishing attacks

According to a SlowMist survey, approximately 80% of the first comments under a major crypto project’s Twitter post come from phishing scam accounts. These scammers purchase accounts similar to real ones and use promotion tools to boost interactions and followers, increasing their credibility.

SlowMist added:

“For example, a fake account named ‘Optimlzm’ can look almost identical to the real account ‘Optimism.’ After purchasing the highly similar account, phishing groups use promotion tools to boost the account’s interactions and follower count, thereby increasing its credibility.”

Despite efforts by many projects to signify the end of their tweets, the prevalence of impersonators means many still fall victim to the comments. Considering this, the blockchain security firm has advised that avoiding clicking on random links is the best protection against these scams.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Share link:

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

Hong Kong releases stablecoin report with Binance and Circle's input
Subscribe to CryptoPolitan