Crypto Industry Witnesses a Decrease in Phishing Attacks
In April, phishing attacks targeting the cryptocurrency industry declined notably, with total losses of $38 million, a 46% decrease compared to previous months. According to the security firm Scam Sniffer, this was the lowest amount recorded throughout the year. The trend is in line with CertiK’s report, which noted a significant drop in crypto-related scams and exploits to a historic low of $25.7 million during the same period.
Overview of April’s Phishing Attacks
Scam Sniffer’s research highlighted that the Ethereum layer-2 network Base, backed by Coinbase, experienced a 145% surge in phishing incidents, totaling $8.2 million in stolen assets over the past month. Notably, two of the largest single thefts, amounting to 21% of the total stolen funds for the month, occurred on this network. The majority of the stolen assets, specifically 88%, were ERC-20 tokens.
The primary tactic employed by scammers involved creating fake accounts on the social media platform X (formerly Twitter). These fraudulent accounts impersonated well-known projects such as Renzo, Avail, Ether.fi, Wormhole, and Omni, often displaying fake verification badges to enhance their credibility and deceive unsuspecting individuals. By posting misleading content on social media, these scammers directed users to malicious websites where their assets were compromised.
Furthermore, the attackers used phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2 to gain unauthorized access to victims’ funds. Although wallets have increased phishing alerts for these specific signatures, scammers found ways to circumvent the warnings by using legitimate contracts such as Disperse and Uniswap Multicall, along with variations of value normalization.
“Despite wallets increasing phishing alerts for certain signatures, wallet drainers are actively finding ways around these alerts using legitimate contracts like Disperse and Uniswap Multicall, and variants of value normalization.”
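As an added illustration (not code from Scam Sniffer, CertiK, or any wallet), the example below shows how a wallet-side check could flag the Permit and Uniswap Permit2 signature requests mentioned above before the user signs. The allowlist parameter, the 24-hour threshold and the sample addresses are assumptions of this example.

```javascript
// Added example: review an EIP-712 signing request (eth_signTypedData_v4 payload).
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 allowance amounts are uint160
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch",
  "PermitTransferFrom", "PermitBatchTransferFrom"]);

// List every (token, amount) pair the signature would authorise.
function grants(td) {
  const m = td.message;
  switch (td.primaryType) {
    case "Permit": // EIP-2612: the token is the verifying contract itself
      // DAI-style permits carry allowed:true instead of a value; treat as unlimited.
      return [{ token: td.domain.verifyingContract, max: MAX_UINT256,
        amount: m.value !== undefined ? BigInt(m.value) : (m.allowed ? MAX_UINT256 : 0n) }];
    case "PermitSingle":
    case "PermitBatch": // Permit2 allowance: details is one object or an array
      return [].concat(m.details).map((d) =>
        ({ token: d.token, amount: BigInt(d.amount), max: MAX_UINT160 }));
    default: // Permit2 signature transfer: permitted is one object or an array
      return [].concat(m.permitted).map((p) =>
        ({ token: p.token, amount: BigInt(p.amount), max: MAX_UINT256 }));
  }
}

// trustedSpenders and the 24-hour threshold are assumptions of this example.
function reviewSigningRequest(td, { now, trustedSpenders = [] }) {
  if (!PERMIT_TYPES.has(td.primaryType)) return { risk: "none", reasons: [] };
  const m = td.message;
  const reasons = [`${td.primaryType} signature grants token spending rights`];
  const spender = String(m.spender).toLowerCase();
  if (!trustedSpenders.some((s) => s.toLowerCase() === spender))
    reasons.push(`spender ${spender} is not on the allowlist`);
  for (const g of grants(td))
    if (g.amount === g.max) reasons.push(`unlimited amount for token ${g.token}`);
  const deadline = BigInt(m.deadline ?? m.sigDeadline ?? m.expiry ?? 0);
  if (deadline - BigInt(now) > 86400n)
    reasons.push("signature stays valid for more than 24 hours");
  return { risk: reasons.length > 1 ? "high" : "review", reasons };
}

// Constructed sample request; all addresses are placeholders.
const SAMPLE = {
  primaryType: "PermitSingle",
  domain: { name: "Permit2", chainId: 8453, verifyingContract: "0x" + "22".repeat(20) },
  message: {
    details: { token: "0x" + "aa".repeat(20), amount: MAX_UINT160.toString(),
      expiration: "1716000000", nonce: "0" },
    spender: "0x" + "bb".repeat(20), sigDeadline: "1716000000" },
};
console.log(reviewSigningRequest(SAMPLE, { now: 1714000000 }));
```

IncreaseAllowance is an on-chain contract call rather than a typed-data signature, so it is outside what this check inspects, as is routing through contracts such as Disperse or Uniswap Multicall.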