Fake X accounts lead to record-setting crypto phishing attacks of $341 million
The top 20 crypto phishing victims of the first half of the year lost $58 million, according to Scam Sniffer.
Crypto phishing exploits in the first half of this year reached $341 million, surpassing the $295 million scammers siphoned from victims in 2023, according to blockchain security firm Scam Sniffer.
Security expert and SlowMist founder Yu Xian said the phishing incidents of the first half of the year showed that the profit margin of these malicious attacks was profitable. He added:
“There are 20 large accounts that have been phished for more than one million US dollars. Most of them are caused by the offline authorization signature of permit being phished away.”
20 people lost over $1 Million each
The report reveals that around 260,000 victims lost $314 million across all Ethereum Virtual Machine (EVM)-compatible chains between January and June 2024. Among these, the top 20 victims lost over $1 million each, totaling $58 million. Notably, most of these users fell victim to several signature permits.
The report stated:
“In the Top 20 victim’s case, most of the thefts of all ERC20 tokens were due to signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2.”
During the period, the most significant losses were incurred by one user who lost $11 million, making them the second-largest individual theft victim in history. Following a permit signature phishing attack, the user lost $11 million worth of aEthMKR and Pendle USDe tokens.
The report also disclosed that most large thefts involved staking, restaking, Aave Collateral, and Pendle tokens. By asset category, Pendle-related thefts accounted for 23.6%, followed by restaking assets at 19.5%. Aave Collateral and staking thefts stood at 18% and approximately 8%, respectively.
Phishing attack tactics
Scam Sniffer stated that most phishing attacks were caused by impersonator accounts on X, formerly Twitter. The victims were lured to phishing websites via phishing comments on the platform.
It explained:
“From Mist-Track intelligence and victim feedback, most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts.”