ScamSniffer has reported that over 12,000 victims lost $20.2 million to crypto phishing incidents in October 2024, marking a 56% drop in the amount stolen via crypto scams compared to the previous month. However, the number of victims increased by 20% during the month.
Still, the decline highlights how the amount of money stolen through phishing scams has gradually reduced over the past few months to reach close to the lowest level in 2024. Aside from October, only July saw fewer funds stolen, with just $19 million lost to phishing scams in that month.
Overview of October phishing scams – ScamSniffer
A cursory look at the data shows that Ethereum remains the biggest playground for these phishing scams, with over $10.4 million stolen from the network. Other blockchain networks that recorded sizable losses include Blast, with $5.9 million; Arbitrum, with $1.84 million; Avalanche, with $762,763; and Polygon, with $722,083.
This user lost almost $6 million in the biggest incident
A user who lost 15,079 fwDETH restaking tokens on the Blast network was the highest amount stolen in a single phishing incident in October. The tokens were originally worth over $35 million, but DETH depegged due to poor liquidity, leading to their value falling to $5.87 million.
Still, the attack and massive sell-offs of the DETH tokens by the bad actor affected some decentralized finance (DeFi) protocols, including PAC Finance and Orbit Finance. However, the depegging of DETH helped to contain the incident.
According to reports, the victim signed a Permit phishing signature allowing the scammer to access their address. The compromised Permit signature was also responsible for several other attacks, such as the $2.3 million loss of sDAI on Aave Ethereum, $1 million stolen assets through the Uniswap Permit2 signature, and $1.6 million lost on Arbitrum. Beyond this, the compromise of EigenLayer’s official account on X also led to one user losing $800k after they clicked on a phishing link and signed a permit phishing signature.
However, there were other attacks, including a supply chain attack that cost a user 10 BTC worth $723k. The user had interacted with the Lottie Player website when it was under a supply chain attack, which allowed the scammer to steal the funds.
Over $400 million stolen through phishing scams this year
Despite the decline in the amount stolen from crypto phishing in October, the total stolen this year has now surpassed 2023 numbers. According to ScamSniffer data, scammers stole $295 million in the whole of 2023. This is less than the $314 million that was lost to phishing in the first half of 2024 alone. With the past four months’ numbers added, $462 million has now been stolen from over 360,000 victims.
The increase in money lost and the number of victims highlights how prolific and profitable crypto phishing scammers have become. Despite the increase in technological capabilities by blockchain security companies trying to prevent and limit phishing scams, scammers have also improved their capacity.
The proliferation of draining as a service (DaaS) operators has also helped to boost phishing activities, with scammers finding all the technical tools for phishing scams available for hire. Recently, some DaaS operators have had to shut down their operations, but some are also combining resources in a likely attempt to become stronger. Infamous crypto-draining service Inferno Drainer announced the transfer of its project and tools to another bad actor, Angel Drainer, in October.
Meanwhile, some of the factors responsible for the rise in phishing incidents and victims are crypto users’ mistakes or negligence. Most of the time, all it takes to be compromised is to click on a malicious link, which many people in the crypto community do while searching for the next airdrop link.
