Decline in Phishing-Related Crypto Losses
In February, phishing-related crypto losses saw a significant decrease for the third consecutive month. According to data from Scam Sniffer, 7,442 victims lost a total of $5.32 million.
This represents a 48% decline from January’s losses of $10.25 million and December 2024’s losses of $23.58 million. The downward trend suggests that crypto users are becoming more security-conscious and taking proactive measures to protect their funds.
Furthermore, the decrease in incidents indicates a growing awareness of common scams and improved security practices within the industry.
Major Phishing Attacks
The most significant phishing attack in February involved address poisoning on the Ethereum network. Scammers manipulated transaction histories to deceive users into sending funds to fraudulent addresses, resulting in $771,000 in stolen assets.
Other phishing tactics also led to substantial losses. Permit-related exploits drained $611,000 from Ethereum users, while BNB Chain users lost $610,000 due to unrevoked approvals. Additionally, “Increase Approval” scams stole $326,000 from Ethereum wallets.
One notable case involved a victim who lost $607,000 due to a phishing approval signed over a year ago. Analysts at Scam Sniffer recommend revoking outdated approvals when network fees are low to minimize exposure to such attacks.
Sophisticated Phishing Schemes
Despite the decrease in phishing losses, scammers are continuously refining their tactics. Scam Sniffer issued a warning about a Telegram-based scheme where attackers trick users into entering verification codes, leading to account hijacking.
The attack works as follows:
- Scammers send a message urging the victim to “verify” an issue.
- The victim enters a login code.
- Attackers steal session information.
- The victim loses access to their Telegram account.
- Once inside, they search for private keys or impersonate the victim to deceive their contacts.
Scam Sniffer cautions that these tactics are becoming more prevalent, with attackers frequently using fake security alerts to manipulate users.
