Crypto phishing scams surge, $314M stolen in first half of 2024

Blockchain security firm ScamSniffers mid-year report revealed that over 260,000 individuals lost $314 million to phishing scams across all Ethereum virtual machine (EVM) chains during the first half of this year.

According to the firm, this figure exceeds the $295 million lost to phishing attacks throughout 2023, highlighting a significant increase in scam activity within the crypto industry. Market analysts have attributed the rise to the growing sophistication of phishing attacks and the higher value of cryptocurrencies

Around $60 million was lost in top 20 phishing thefts

ScamSniffers data indicates that March was the peak month for crypto scammers in 2024, with $71.5 million stolen from over 77,000 victims. Although this amount dropped to around $40 million in April, it has gradually increased, showing that scammers are regaining momentum.

A breakdown of the stolen funds reveals that the top 20 victims lost $58 million, each losing more than $1 million. The largest incident during the reporting period involved a MakerDAO delegate losing $11 million in staked Maker and Pendle tokens.

$314 million was lost by 266,713 victims in the first six months of 2024 (Source: ScamSniffer)

For the top 20 cases, nearly all victims unwittingly signed phishing signatures, allowing scammers access to their wallets. Common phishing signatures include Permit, IncreaseAllowance, increaseApproval, and Uniswap Permit 2.

Notably, most of these large thefts involved assets used for staking, Aave collateral, Pendle tokens, and restaking. While these decentralized finance (DeFi) activities offer great yields, they come with significant risk due to the tokens support for Permit, making them vulnerable to phishing attacks.

Twitter impersonators are responsible for most phishing attacks

An analysis of victim reports and on-chain data shows that most phishing scams begin with comments from impersonator accounts on Twitter. Verified accounts, including those with the gold checkmark for businesses, often impersonate popular crypto projects, posting comments with phishing links under their posts.

According to a SlowMist survey, approximately 80% of the first comments under a major crypto projects Twitter post come from phishing scam accounts. These scammers purchase accounts similar to real ones and use promotion tools to boost interactions and followers, increasing their credibility.

SlowMist added:

“For example, a fake account named ‘Optimlzm’ can look almost identical to the real account ‘Optimism.’ After purchasing the highly similar account, phishing groups use promotion tools to boost the accounts interactions and follower count, thereby increasing its credibility.”

Despite efforts by many projects to signify the end of their tweets, the prevalence of impersonators means many still fall victim to the comments. Considering this, the blockchain security firm has advised that avoiding clicking on random links is the best protection against these scams.