$104 million in crypto lost to phishing incidents within two months of 2024

Phishing attacks continue to result in substantial losses for crypto users.

Over the first two months of this year, an estimated 97,000 users were affected by phishing incidents, culminating in a staggering $104 million in losses, according to data from the security firm Scam Sniffer. This included $57.7 million lost to phishing incidents in January and $46.8 million during February. 

Users on Ethereum have been the prime target, with $78 million of the total losses associated with users’ assets such as ether and ERC20 tokens being drained. 

The majority of the stolen funds were due to victims unwittingly signing malicious phishing signatures, including “ERC20 Permit” and “increaseAllowance” signatures. These signatures, when malicious, grant attackers access to the victim’s funds without their knowledge.

Phishing attacks can be a major concern because signing only one malicious signature may result in the loss of all assets stored in a wallet.

Users lured to phishing sites via social media

Scam Sniffer's analysis also shed light on the tactics used by these cybercriminals, noting that a large number of victims were lured to phishing sites through deceptive comments on social media platforms, particularly Twitter. These comments, posing as legitimate accounts, attempt to direct users to malicious sites where their assets are compromised.

“Most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts,” Scam Sniffer noted. 

The total funds lost by users to crypto phishing attacks amounted to $300 million during all of 2023.