Phishing attacks within the cryptocurrency industry fell 46% in April to $38 million, the lowest amount recorded this year, according to security firm Scam Sniffer. Notably, this decline is consistent with CertiK’s findings, which indicate that cryptocurrency-related abuse and fraud reached an all-time low of $25.7 million in April.
April Phishing Attack Insights
Base, the Ethereum layer 2 network backed by Coinbase, has seen a notable spike in phishing incidents, up 145% to $8.2 million over the past month, according to analysis by Scam Sniffer. Interestingly, two of the top 10 largest single thefts occurred on this chain, accounting for 21% of total thefts for the month.
ERC-20 tokens have borne the brunt of these attacks, with a whopping 88% of stolen assets belonging to this class.
Tools and tactics used by attackers
Scam Sniffer pointed to fake accounts on social media platform X (formerly known as Twitter) as a key tool used by scammers. These attackers impersonated popular projects such as Renzo, Avail, Ether.fi, Wormhole, and Omni. These fake accounts were often marked with fake checkmarks to make them look like they had been exploited to lure in unsuspecting users.
Attackers used these fake accounts to post deceptive comments on social media platforms, redirecting unsuspecting individuals to malicious sites where their assets could be stolen.
Additionally, attackers frequently utilized phishing signatures such as Permit, IncrementAllowance, and Uniswap Permit2. These malicious signatures allowed the attackers to access the victims’ funds without their knowledge.
The Scam Sniffer added that despite wallets increasing phishing alerts for certain signatures, wallet drainers are actively looking for ways to circumvent these alerts using legitimate contracts such as Disperse and Uniswap Multicall along with variations of value normalization. Yes.
Featured Image: Freepik
Please see disclaimer