Cryptocurrency phishing scams have cost nearly 100,000 victims more than $100 million this year.


A recent phishing attack cost a cryptocurrency investor 501 ETH, worth approximately $2 million, which was staked through the liquidity staking protocol Ether.Fi.

On-chain data shows that the theft occurred earlier today and involved two transactions. In one transaction, 426 ETH was lost, followed by another 75 ETH. At the time of the attack, the stolen assets were valued at approximately $16.6 million and $276,000 respectively.

As a result of the theft, the wallet's net asset value plummeted by more than 99.93%, leaving only $1,453.

Web3 security platform Scam Sniffer identified the attack as using the "IncreaseAllowance" transaction, a common phishing technique: once the victim signs it, the attacker's address holds a token allowance and can move the funds without any further authorization from the victim.

More than $100 million lost to phishing scams this year

The incident comes amid a surge in phishing scams targeting the industry this year.

According to data provided by Scam Sniffer, approximately 97,000 cryptocurrency users were defrauded out of $104 million through phishing attacks in the early months of this year. Losses reached $57.7 million in January and $46.8 million in February.

A breakdown of the attack shows that Ethereum users suffered the greatest losses, with $78 million in assets including ETH and ERC20 tokens stolen.

The main method cybercriminals use is tricking victims into signing phishing signatures such as "Uniswap Permit2" and "increaseAllowance", which give malicious actors unauthorized access to victims' funds.

Scam Sniffer explains, “Most ERC20 token thefts occur due to phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2, resulting in the assets being stolen.”
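A pre-signing check for the on-chain variant described above, as an added example that is not from Scam Sniffer or the original article: it decodes unsigned transaction calldata and reports any ERC20 allowance grant with its spender and amount. The function name, the trusted-spender set and the sample calldata are assumptions made for illustration; Permit and Uniswap Permit2 are signed off-chain as typed data and are outside what this calldata check covers.

```python
# Added example: flag ERC20 allowance grants in calldata before it is signed.
# A selector is the first 4 bytes of keccak256 of the function signature.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UNLIMITED = 2**256 - 1  # the value an "unlimited" allowance carries


def inspect_calldata(calldata_hex, trusted_spenders=frozenset()):
    """Describe an allowance grant, or return None if the call is not one.

    Raises ValueError on malformed calldata so the caller can refuse to sign.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError as exc:
        raise ValueError("calldata is not valid hex") from exc
    name = ALLOWANCE_SELECTORS.get(raw[:4].hex())
    if name is None:
        return None  # plain transfer or some other call
    args = raw[4:]
    # Two 32-byte ABI words are required; trailing bytes are ignored by the
    # token contract, so they must not hide the grant from this check either.
    if len(args) < 64:
        raise ValueError(f"{name}: truncated arguments ({len(args)} bytes)")
    spender = "0x" + args[12:32].hex()  # address is the low 20 bytes of word 1
    amount = int.from_bytes(args[32:64], "big")
    trusted = {s.lower() for s in trusted_spenders}
    return {
        "function": name,
        "spender": spender,
        "amount": amount,
        "unlimited": amount == UNLIMITED,
        "trusted": spender in trusted,
    }


# Constructed sample: increaseAllowance of the maximum amount to a made-up spender.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_CALLDATA = "0x39509351" + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE_CALLDATA))
```

A wallet or signing proxy would block or warn whenever the result is not None and `trusted` is false, with extra weight when `unlimited` is true.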

Scam Sniffer revealed that most of the victims were lured by fake comments on social media platforms, especially X (formerly Twitter). Attackers often pose as legitimate cryptocurrency organizations to lure unsuspecting individuals to phishing websites where their digital assets can be stolen.