Since May 2021, $2.7 billion has been lost to confirmation phishing attacks, with a multinational operation leading to one victim being identified in the middle of the scam.
A large-scale operation has been launched to crack down on cybercriminals who are carrying out “confirmation phishing.”
According to Chainalysis, these types of attacks involve tricking an unsuspecting victim into signing a malicious blockchain transaction, often through a fake crypto application.
Once the victim has signed the transaction, the scammers are able to spend the specific tokens in the victim’s wallet as they wish and, in certain cases, drain someone’s entire savings.
One particularly infamous incident in September 2023 led to an individual losing $24.23 million worth of staked ETH in their wallet.
Since May 2021, $2.7 billion has been lost to confirmation phishing attacks, and the blockchain analytics firm warns that it is a “much bigger problem than previously recognized.”
Chainalysis says it has launched “Operation Spincaster,” which aims to detect compromised wallets before permanent damage occurs.
Sprints across six countries resulted in the identification of more than 7,000 potential customers, with losses from these cases totaling approximately $162 million.
And in a particularly breathtaking development, one of the victims was called and informed that they were in the middle of an ongoing scam, meaning that the authorization given to the attacker could have been revoked before hundreds of thousands of dollars worth of cryptocurrency was stolen.
Operation Spincaster demonstrates how law enforcement is increasingly relying on intelligence provided through blockchain analytics, using the transparency of this technology to track how illicit funds flow through the ecosystem.
The National Crime Agency said 230 British victims had been identified and vowed to bring the criminals to justice wherever they are. Celestino Calabrese, the NCA’s interim head of illicit finance, said:
“This work has protected victims in the UK and provided us with the opportunity to track down organised crime groups that have caused significant harm. Many of these groups are based overseas and use sophisticated methods to gain the trust of unsuspecting investors.”
While some police forces have begun hiring their own crypto investigators, such departments are often experimental and sometimes understaffed. Such operations — combined with collaboration from crypto exchanges used to move stolen funds — help provide law enforcement with the extra manpower they need to get results. As Ruben van Well of the Dutch National Police put it:
“By the end of the sprint, we were able to fine-tune detection methods and freeze several wallets to prevent further loss of funds for victims. The relationships and collaborative efforts built through Operation Spincaster are an important step in our efforts to disrupt and prevent fraud within the ecosystem.”
Binance has joined Operation Spincaster and says the initiative will now expand to more countries. In addition to tracking the flow of funds, the exchange’s staff has been tasked with identifying victims, notifying them of the scam, and providing training to help them stay safe in the future.
According to Chainalysis, educating crypto users is an important first step in the fight against scams, and unfortunately, even experienced investors can often fall victim to a phishing attack. The company added:
“Cryptocurrency exchanges have a significant impact in detecting and preventing confirmation phishing scams. To effectively combat and prevent such threats, it is essential to implement proactive rather than reactive transaction monitoring capabilities and a solid risk management strategy.”
The company is providing important tips to the public as confirmation phishing remains a persistent threat, saying cryptocurrency holders should be extremely careful when asked to urgently send money or provide personal information, even if the source of the request appears official.
Oftentimes, taking a moment to do some independent research via search engines and social media can help confirm whether such a request is genuine. It’s also about trusting your gut feeling – as the old saying goes, if something seems too good to be true, it probably is.
Confirmation phishing is the latest sign that cybercriminals are constantly changing their tactics as awareness of their methods grows, and they’ve become even more emboldened during a bull market. Investing in crypto is fraught with risk, as attacks occur with alarming frequency… and could be a significant hurdle in the quest for wider global adoption.