huge $41 million was lost In October so far due to the increasing influx of phishing attacks. Most cryptocurrency phishing scams typically involve users engaging in signing actions through their cryptocurrency wallets, to approve contracts or bind permissions.
Creating fake codes that resemble real wallet codes is one of the typical phishing methods used to steal cryptocurrencies from victims’ wallets. The statement is particularly harmful Phishing Because it enables the transfer of many high value tokens simultaneously.
🚨 3 hours ago, another victim lost $1.57 million after signing a phishing “clearance” signature.💸 pic.twitter.com/wDGZIMdJ7N
— sniffer scam | Anti-fraud on Web 3 (@realScamSniffer) October 15, 2024
Phishing: Hackers are getting smarter
An example is a wallet hack worth $1.39 million worth of tokens. Although these ransomware attacks are not new, they have increased in frequency in the last few days of October, which is associated with increased user activity.
🚨 25 minutes ago A PEPE holder lost $1.39 million worth of PEPE, MSTR and APU after signing the phishing signature “permit2”.💸 pic.twitter.com/Wf4nd8eFxl
— sniffer scam | Anti-fraud on Web 3 (@realScamSniffer) October 13, 2024
Most of these attacks occur on the Ethereum blockchain, which is a highly liquid network and uses well-known smart contracts. Most hackers use open source contracts to invent malicious links or develop perfectly realistic-looking smart contracts for unsuspecting individuals to click on.
Hacked social media accounts spread fake links
Crypto has seen a lot of activity on X and similar platforms, making X user accounts now the biggest target for hackers. The issue was particularly high in October, as the token craze would interfere with the broader market recovery. Hacked X accounts, especially accounts of influencers or token projects, share links that trick users into linking their wallets.
As of today, the market cap of cryptocurrencies stood at $2.27 trillion. Chart: TradingView.com
The link may empty wallets, even with a simple click on “Link Wallet”. Some malicious links may be recovery tokens or anti-hacking tools. Other fake links also resemble and mimic search engine ads, such as Google, asking people to link their wallets to new blockchains. Therefore, all necessary tests for authenticity should be performed using empty wallets.
Exploits in Airdrop and Advertising
Phishing schemes always use interest in airdrops or farming points to raise guard level and obtain wallet permissions. Recently, hackers hijacked an X account linked to the SPX6900 meme code, potentially putting buyers at risk of malicious addresses.
Malicious links may appear as harmless offers or download links targeting people who are setting up their wallets to trade meme tokens, but these events will become more widespread as more users begin to fill the meme token space.
Fraudulent social media ads, fake comments, failed Discord servers, and expired invite links are additional risks. One attack could swallow your wallet, and another could cause much greater damage that could extend beyond your crypto wallet.
Featured image from Wisevu, chart from TradingView