Rising Crypto Phishing Incidents EVM Breaches Cause 314 Million in Losses for 2024

ScamSniffer’s mid-year report has unveiled concerning trends in phishing attacks within the cryptocurrency realm. Specifically, the report indicates that in the first half of 2024, phishing incidents on EVM chains resulted in losses totaling $314 million for approximately 260,000 victims, surpassing the $295 million stolen in the previous year. These figures underscore a significant uptick in both the scale and frequency of phishing schemes targeting cryptocurrency users.

Individual Losses of Note
The report highlights that twenty individuals were individually targeted, each losing over a million dollars, cumulatively amounting to $58 million. One victim alone suffered a staggering $11 million loss, marking one of the largest cryptocurrency thefts in history.

Phishing Techniques
The majority of these thefts were executed through phishing tactics involving signatures such as Permit, IncreaseAllowance, and Uniswap Permit2. These techniques typically lure users into seemingly legitimate transactions through deceptive services, resulting in substantial financial losses.

Social Engineering Tactics
Phishing groups have increasingly employed bots to post initial comments on Twitter, often impersonating official accounts of prominent projects. This strategy exploits social engineering by leading users to fraudulent websites through misleading forms and comments.

Detailed Analysis of Phishing Attacks
Assets Targeted:
Losses were particularly pronounced in staked assets, which are often irrecoverable once compromised due to the nature of Permit functionality. Staking, restaking, Aave collateral, and Pendle tokens were among the assets targeted, reflecting a focus on valuable and liquid assets within the cryptocurrency ecosystem.

Attack Vectors:
Credential stuffing and counterfeit wallets were prevalent methods used in these attacks, frequently initiated through comments on tweets from influential accounts, with bots posing as legitimate entities.

Preventive Measures
To mitigate such risks, users are advised to adopt the following preventive measures:

1. Improve Awareness:
Enhance visibility of major phishing signatures to better identify and combat phishing attempts, thereby reducing vulnerability to such scams.

2. User Education:
Educate users to refrain from granting signing permissions and avoid interacting with suspicious links. Awareness campaigns and educational tools are crucial for empowering users to make informed decisions in the crypto industry.

3. Secure Storage:
Avoid storing private keys on cloud services or sharing them via instant messaging platforms like WeChat. Implementing robust security measures ensures that unauthorized individuals cannot access sensitive keys.

4. Verification Tools:
Utilize security detection tools to verify the legitimacy of tokens and transactions, safeguarding against fraudulent activities. These tools complement the benefits of tokenization by providing additional validation measures.

In Conclusion:
The mid-year report by ScamSniffer underscores the escalating threat of phishing attacks in the cryptocurrency sector, urging stakeholders to remain vigilant and adopt proactive measures to protect their assets.

Read More:
Crypto Hacks Report: Over $1.5 Billion Stolen in H1 2024!
Tags:
Hack