Crypto users lost almost $63 million to phishing scams in August, according to data from ScamSniffer. This represents a 215% increase compared to the amount stolen in July. Most of the funds lost this month happened in one incident where a user lost $55 million.
The number of victims for the month dropped 34% to 9,145 addresses across EVM chains, showing that the rate of phishing scams is declining. However, Ethereum accounted for the most incidents and the highest amount stolen, with $61.487 million.
One user lost $55 million in a phishing attack
On August 20, one user lost $55.43 million of MakerDAO stablecoin DAI after signing a phishing transaction that changed the ownership of the proxy contract holding the funds. The victim, 0xf2B8, executed a “setOwner” transaction, granting control of the contract to a phishing address, 0x0000db.
Although he realized his mistake and tried to transfer the funds, it was too late. The scammer had authorized 0x5D4b to drain all the DAI in the wallet. This is one of the biggest losses to a phishing scam this year.
Considering the novelty of this strategy, ScamSniffer noted that scammers continue to find new and inventive ways to steal from users. Therefore, it is important for crypto users to be hyper-vigilant.
It said:
“One victim lost a staggering $55M to a phishing scam targeting their proxy’s ownership, showing the diversity of phishing attacks. As a user, you need to be constantly aware of the risks associated with the transactions you sign.”
Besides this large-scale theft, there were recurring phishing scams involving copying the wrong addresses from contaminated transfer history.
Some people also lost thousands worth of ETH to a YouTube scam “1.2 ETHs Daily Made Easy with ChatGPT on 1inch.” One user, 0xc9fd, lost 10 ETH to the same scam in about two weeks.
Fake accounts are fewer on X
August saw a notable drop in fake crypto accounts on X (formerly Twitter), with the number dropping as low as 100 before a slight uptick in September. Still, the ScamSniffer chart shows that there are now less than 200 fake accounts for popular crypto platforms, a big difference from the almost 800 in mid-June.
Fake crypto accounts on X (Source: ScamSniffer)
Fake crypto accounts are a major tool for phishing scammers who impersonate real projects to spread phishing links and deceive users. In many cases, these fake accounts have blue and gold ticks and comments under genuine posts, making it challenging for some users to identify the real ones quickly.
So far, crypto projects are adding “end of tweet” to posts to ensure users avoid other comments that might be phishing links. However, the best solution, according to blockchain security experts, is for users to still be extra cautious and avoid clicking on random links.
Exchanges are also stepping in to combat phishing, with Binance developing a tool to counter address-poisoning scams.