ScamSniffer's mid-year report reveals worrying trends in phishing attacks on cryptocurrency users. In the first half of 2024, 260,000 victims lost $314 million on EVM chains, which exceeds the $295 million stolen in the previous year. The sharp rise shows that phishing schemes aimed at crypto users are growing in both complexity and frequency.
Significant individual losses
Twenty people were phished for more than a million dollars each, for a total of $58 million. One victim lost $11 million, the second biggest crypto heist in history.
Phishing techniques
The report also highlighted that most of the thefts were carried out with phishing signatures, including Permit, IncreaseAllowance, and Uniswap Permit2. Users might interact with a service that seems believable and approve what appears to be a legitimate transaction, resulting in large asset losses.
Some targets were lured to phishing sites through comments on Twitter posted by accounts impersonating the brand. Phishing groups currently use bot accounts to post the first comments on tweets from official and prominent projects. This tactic relies on social engineering, misleading users with fake forms on the website.
Detailed Breakdown of Phishing attacks
Assets Involved:
– Substantial realized losses involved staked assets, which are irrecoverable once gone because of Permit support. Other significant categories included staking, restaking, Aave collateral, and Pendle tokens. The focus on these specific assets shows that attackers are targeting valuable and especially liquid tokens in the crypto ecosystem.
Attack vectors:
– Credential stuffing and fake wallets were common in these attacks. The typical phishing method was comments under the tweets of major accounts, with bots imitating the official accounts.
Prevention Tips
Users can follow these simple tips to protect crypto worth millions:
1. Enhance visibility:
– The major phishing signature types can be displayed more clearly, which helps users recognize a phishing attempt. This can go a long way toward reducing the chance of becoming another phishing statistic.
2. User education:
– Users need to be trained to refrain from granting signature permissions and to avoid interacting with malicious links. Awareness campaigns and informative tools can help users make better decisions and operate more safely in the crypto industry.
3. Secure storage:
– It is advisable not to store private keys in cloud services or share them through instant messaging apps such as WeChat. These safeguards keep unauthorized parties from accessing the keys.
4. Verification tools:
– For fraudulent tokens that are not obviously suspicious, users can check a token's legitimacy through Security Detection to avoid being scammed. These tools complement the benefits of tokenization by helping to validate tokens.
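Tip 1 above, sketched as an added example (not from the ScamSniffer report or any wallet's code): a Python helper that turns a Permit or Permit2 PermitSingle signing request, or increaseAllowance calldata, into a one-line statement of what is being approved. The function names are hypothetical, and the sample request and addresses are constructed placeholders.

```python
MAX_UINT256 = 2**256 - 1
MAX_UINT160 = 2**160 - 1  # Permit2 allowance amounts are uint160
INCREASE_ALLOWANCE = "39509351"  # selector of increaseAllowance(address,uint256)


def _amount(value, unlimited):
    # Assumes decimal strings or ints, as wallets usually receive them.
    value = int(value)
    return "UNLIMITED" if value >= unlimited else str(value)


def describe_typed_data(req):
    """Summarise an EIP-712 request (the JSON given to eth_signTypedData_v4)."""
    kind, msg = req.get("primaryType"), req.get("message", {})
    if kind == "Permit":  # EIP-2612 permit, verified by the token contract
        token = req.get("domain", {}).get("verifyingContract")
        return (f"OFF-CHAIN APPROVAL: lets {msg['spender']} spend "
                f"{_amount(msg['value'], MAX_UINT256)} of token {token}")
    if kind == "PermitSingle":  # Uniswap Permit2 allowance for one token
        d = msg["details"]
        return (f"OFF-CHAIN APPROVAL (Permit2): lets {msg['spender']} spend "
                f"{_amount(d['amount'], MAX_UINT160)} of token {d['token']}")
    return None  # not one of the approval types handled here


def describe_calldata(data):
    """Summarise transaction calldata if it is an increaseAllowance call."""
    raw = data[2:] if data.startswith("0x") else data
    if len(raw) != 8 + 128 or raw[:8].lower() != INCREASE_ALLOWANCE:
        return None
    spender = "0x" + raw[8 + 24:8 + 64]  # address = low 20 bytes of word 1
    added = int(raw[8 + 64:], 16)
    return f"APPROVAL: raises allowance of {spender} by {_amount(added, MAX_UINT256)}"


# Constructed sample inputs; the addresses are placeholders, not real contracts.
SAMPLE_PERMIT = {
    "primaryType": "Permit",
    "domain": {"verifyingContract": "0x" + "11" * 20},
    "message": {"owner": "0x" + "aa" * 20, "spender": "0x" + "bb" * 20,
                "value": str(MAX_UINT256), "nonce": "0",
                "deadline": "1893456000"},
}
SAMPLE_CALLDATA = "0x" + INCREASE_ALLOWANCE + "00" * 12 + "bb" * 20 + "ff" * 32

if __name__ == "__main__":
    print(describe_typed_data(SAMPLE_PERMIT))
    print(describe_calldata(SAMPLE_CALLDATA))
```

A signature request that yields one of these summaries grants spending rights without any visible token transfer, which is why it deserves a more prominent prompt than an ordinary message signature.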