ScamSniffer, a well-known crypto security firm, recently reported an intriguing contrast in the world of crypto phishing scams. Over 12,000 victims lost an astonishing $20.2 million in October 2024. While this figure represents a significant 56% drop in the amount stolen compared to the previous month, the number of victims involved in these scams increased by 20% during the same period.
The reduced monetary loss is a positive sign, highlighting the gradual decrease in the amount stolen through phishing scams over the past few months. In fact, this figure is nearly the lowest recorded in 2024, with only July’s $19 million coming in lower.
A closer analysis of the data reveals that Ethereum continues to be the preferred target for phishing scams, with a staggering $10.4 million stolen from its network. Other blockchain networks that incurred substantial losses include Blast, with $5.9 million; Arbitrum, with $1.84 million; Avalanche, with $762,763; and Polygon, with $722,083.
One unfortunate user lost almost $6 million in the largest single phishing incident in October after 15,079 fwDETH restaking tokens on the Blast network were stolen. Despite the original worth of over $35 million, poor liquidity led to the devaluation of the DETH tokens to $5.87 million.
This incident significantly impacted several decentralized finance (DeFi) protocols, including PAC Finance and Orbit Finance. However, the depegging of DETH did help contain the situation.
The victim inadvertently signed a Permit phishing signature, which let the scammer move tokens out of their address. This compromised Permit signature was linked to several other attacks, including the $2.3 million loss of sDAI on Aave Ethereum, $1 million in stolen assets through the Uniswap Permit2 signature, and $1.6 million lost on Arbitrum. One user even lost $800k after clicking a phishing link and signing a Permit phishing signature linked to EigenLayer’s compromised official account on X.
A rather unique supply chain attack also occurred, resulting in a loss of 10 BTC worth $723k. The victim interacted with the Lottie Player website during the attack, which allowed the scammer to steal the funds.
Despite the reduction in stolen funds in October, the total amount stolen through crypto phishing this year has surpassed the previous year’s figures. Scammers stole $295 million in 2023, a figure already exceeded by the $314 million lost in the first half of 2024 alone. Adding the losses from the past four months, a staggering $462 million has now been stolen from over 360,000 victims.
These figures underline the increasing proficiency and profitability of crypto phishing scammers. Despite advancements made by blockchain security companies to prevent and limit phishing scams, cybercriminals continue to enhance their own capabilities.
The emergence of draining-as-a-service (DaaS) operators has significantly boosted phishing activities, offering scammers all the necessary technical tools for a reasonable fee. Some DaaS operators have shut down operations, while others have joined forces to become even more formidable.
A significant factor contributing to the rise in phishing incidents is user error or negligence. Often, all it takes for a scammer to succeed is a single click on a malicious link, an action many in the crypto community unwittingly undertake in their search for the next airdrop link.