Crypto phishing attacks plummet in April, reaching a yearly low of $38 million

05/06/2024 20:56
Crypto phishing attacks plummet in April, reaching a yearly low of $38 million

Crypto phishing attacks plummet 46% to yearly low of $38 million, security firm Scam Sniffer reports.

Crypto phishing attacks plummet in April, reaching a yearly low of $38 million Crypto phishing attacks plummet in April, reaching a yearly low of $38 million 5 seconds ago · 2 min read

Crypto phishing incidents on 'X' drive April's record low theft totals.

2 min read

Updated: May. 6, 2024 at 2:56 pm UTC

Crypto phishing attacks plummet in April, reaching a yearly low of $38 million

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Phishing attacks within the crypto industry decreased 46% to $38 million in April, the lowest amount this year, according to the security firm Scam Sniffer.

Notably, this aligns with CertiK’s finding that crypto-related exploits and scams plummeted to a historic low of $25.7 million in April.

April’s phishing attack

Per Scam Sniffer’s findings, the Coinbase-backed Ethereum layer-2 network Base recorded a 145% surge to $8.2 million in phishing incidents during the past month. Two of the top 10 largest single thefts occurred on this chain, accounting for 21% of the month’s total theft.

Phishing attack
Top 10 Phishing Attacks in April. (Source: Scam Sniffer)

Meanwhile, ERC-20 tokens bore the brunt of attacks, with 88% of the stolen assets belonging to this class.

Scam Sniffer identified fake accounts on the social media platform X (formerly Twitter) as the primary tool utilized by scammers. These attackers mimicked prominent projects like Renzo, Avail, and Ether.fi, Wormhole, and Omni, and their accounts often sport fake verification marks, lending an air of authenticity that is used to lure unsuspecting users.

Using these accounts, the attackers post deceptive comments on social media platforms to drive unsuspecting individuals to malicious sites where their assets can be stolen.

Additionally, the attackers usually employed phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2. These malicious signatures grant the attackers access to their victim’s funds without their knowledge.

Scam Sniffer added:

“Despite wallets increasing phishing alerts for certain signatures, wallet drainers are actively finding ways around these alerts using legitimate contracts like Disperse and Uniswap Multicall, and variants of value normalization.”

Mentioned in this article
Latest Ethereum Stories
Latest Press Releases

Read more --->