The mid-year security report from the security company ScamSniffer puts the number of phishing victims in the first half of 2024 at 266,000 and the amount lost at 314 million U.S. dollars. Last year's total was 295 million U.S. dollars; this year passed that figure in only half a year.

The address with the second largest stolen amount in history is revealed

ScamSniffer first pointed out that of the 260,000 victims, 20 lost more than $1 million each, for a combined loss of $58 million.

The victim with the largest loss had $11 million stolen, making them the second-largest victim in history by amount stolen.

Main reason: Permit, IncreaseAllowance

As for the main causes of the losses, ScamSniffer analyzed the top 20 theft victims and found that most of the tokens were stolen because the victims mistakenly signed phishing signatures, including Permit, IncreaseAllowance and Uniswap Permit2.

Chain News has previously reported on this phishing risk and reminded users to be careful.
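The signature types named above can be triaged before a user signs. The following is an added example, not code from ScamSniffer or the original article: it inspects an EIP-712 typed-data request for the EIP-2612 Permit and Permit2 PermitSingle/PermitBatch message shapes. The thresholds, the trusted-spender list and all addresses are assumptions constructed for illustration.

```javascript
// Added example (not ScamSniffer's code): triage an EIP-712 signing request before signing.
const UNLIMITED_FLOOR = 1n << 128n;      // assumption: amounts this large are effectively unlimited
const MAX_VALIDITY_SECS = 24 * 60 * 60;  // assumption: grants valid for longer than a day are flagged

// Extract every (spender, amount, expiry) grant from the allowance-style message types.
function extractGrants(primaryType, msg) {
  switch (primaryType) {
    case "Permit": // EIP-2612: owner, spender, value, nonce, deadline
      return [{ spender: msg.spender, amount: msg.value, expiry: msg.deadline }];
    case "PermitSingle": // Permit2: details{token, amount, expiration, nonce}, spender, sigDeadline
      return [{ spender: msg.spender, amount: msg.details.amount, expiry: msg.details.expiration }];
    case "PermitBatch": // Permit2 batch: details is an array of the same struct
      return msg.details.map((d) => ({ spender: msg.spender, amount: d.amount, expiry: d.expiration }));
    default:
      return null; // not one of the allowance-granting types handled here
  }
}

// trustedSpenders is a hypothetical allowlist the wallet or user maintains.
function reviewSigningRequest(typedData, nowSecs, trustedSpenders) {
  const grants = extractGrants(typedData.primaryType, typedData.message);
  if (grants === null) return { grantsAllowance: false, findings: [] };
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  const findings = [];
  for (const g of grants) {
    if (!trusted.has(String(g.spender).toLowerCase())) findings.push("untrusted-spender");
    if (BigInt(g.amount) >= UNLIMITED_FLOOR) findings.push("unlimited-amount");
    if (Number(g.expiry) - nowSecs > MAX_VALIDITY_SECS) findings.push("long-lived");
  }
  return { grantsAllowance: true, findings };
}

// Constructed sample requests (addresses are placeholders, not real contracts).
const NOW = 1720000000;
const ROUTER = "0x" + "11".repeat(20);
const UNKNOWN = "0x" + "ee".repeat(20);
const phishingPermit = {
  primaryType: "Permit",
  message: { owner: "0x" + "aa".repeat(20), spender: UNKNOWN, nonce: "0",
             value: ((1n << 256n) - 1n).toString(), deadline: String(NOW + 365 * 86400) },
};
const boundedPermit2 = {
  primaryType: "PermitSingle",
  message: { spender: ROUTER, sigDeadline: String(NOW + 1800),
             details: { token: "0x" + "bb".repeat(20), amount: "1000000",
                        expiration: String(NOW + 1800), nonce: "0" } },
};
console.log(reviewSigningRequest(phishingPermit, NOW, [ROUTER]));
console.log(reviewSigningRequest(boundedPermit2, NOW, [ROUTER]));
```

IncreaseAllowance is an on-chain transaction rather than an off-chain signature, so it falls outside this typed-data check.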

(Is there a security risk after using Uniswap? How will off-chain signatures lead to asset theft)

In this regard, installing the ScamSniffer web extension on your computer is a practical way to identify phishing content and suspicious websites.

Staked and re-staked assets are stolen too!

The company also noted that many large-scale phishing operations have stolen staking and re-staking tokens, Aave Collateral (Aave staking income), and tokens in the Pendle protocol (LSD assets, PT/YT tokens).

Please note that these tokens also support Permit, and once they are stolen, your staked assets cannot be recovered.

Falling into the trap of fake accounts and getting into trouble

As for how the victims fell for the phishing scams, ScamSniffer also tallied feedback from the victims and found that most of them were lured by phishing messages posted by fake Twitter accounts. In a moment of inattention, they were led to highly convincing phishing websites that defrauded them of their funds.

Chain News urges users, every time before clicking a link, to carefully check the account's follower count, mutual followers and account name (especially the difference between i and l, and swapped letters) to avoid painful losses of assets.

(All money disappears with one click! What are the phishing techniques and prevention methods for "offline authorized signature"? Fake EigenLayer case)

Anyone who volunteers to help you chase your assets is probably a scammer

For users whose funds have been stolen, ScamSniffer also points out that they can turn to the security company MisTrack for help recovering funds.

However, the company also cautions that anyone else who proactively claims to be able to recover 100% of stolen assets may be running another scam.

Phishing is rampant, users still need to protect themselves

This year has seen airdrops from large-scale projects such as Avail, EigenLayer, ZKsync and BLAST. At the same time, Telegram has been drawing users into its own TON ecosystem through various money-making games.

From airdrop phishing emails to the hacking of official project accounts, attacks have been endless in the first half of this year. Users still need to be careful with unknown links.

(Information security warning: Telegram has many phishing traps, and the account may disappear directly)

This article, "ScamSniffer phishing report: more than 300 million lost in half a year, one person had tens of millions of dollars stolen, becoming the second-largest victim in history", first appeared on Chain News ABMedia.