Crypto phishing losses drop to $43m in September: Scam Sniffer

Funds lost to cryptocurrency phishing scams dropped in September, with 10,805 victims losing nearly $46 million.

Data from Scam Sniffer shows that crypto funds lost to phishing attacks in September saw a significant decrease compared to the previous month, even as the number of victims increased. In an October 4 correspondence, Scam Sniffer stated that approximately $46.7 million was stolen from 10,805 victims; This figure is down from the $63 million lost in August.

🚨 ScamSniffer September Phishing Report
In September, nearly 10,000 victims lost approximately $46 million to crypto phishing scams.

In Q3 2024, phishing losses reached $127 million, with an average of 11 thousand victims per month. The two major victims were worth $87 million. 💸

🧵 [1/8] pic.twitter.com/T2OpXQ8Cqb

— Fraud Detector | Web3 Anti-Scam Protection (@realScamSniffer) October 4, 2024

The bulk of September’s losses came from one person who signed a malicious consent signature and lost 12,083 spWETH. One tactic, often referred to as confirmation phishing scams, involves tricking a victim, often using fake applications, into signing a malicious blockchain transaction that transfers control of a user’s existence to bad actors.

Additionally, Scam Sniffer analysts noted that fraudsters managed to obtain $127 million in crypto assets by targeting an average of 11,000 victims per month in the third quarter. Notably, just two victims caused $87 million in losses in the third quarter of 2024.

A separate report from blockchain security firm CertiK, published Oct. 3, estimated third-quarter losses from phishing attacks drained $343.1 million across 65 incidents. The report labeled phishing as the most damaging attack vector of the quarter. In August, analytics firm Chainaliz reported that more than $2.7 billion had been lost to such scams since 2021.

X remains the leading platform for phishing scammers

Meanwhile, Scam Sniffer pointed out that fake X accounts are the main reason why victims end up on phishing websites. Suspicious Google ads were the second most common hook.

Fake X accounts that impersonate legitimate crypto projects and personalities to get users to click on malicious links have plagued the crypto industry since its inception. In January, cybersecurity firm SlowMist found that more than 80% of comments under posts from leading crypto projects were scams.

In its August report, Scam Sniffer highlighted a noticeable decline in such accounts on X and applauded the efforts of the social media platform team to combat fraud. However, the Elon Musk-owned platform remains a hotbed of scams, and recently, several high-profile accounts have been compromised in an attempt to promote sophisticated phishing campaigns.

The latest attack targeted the press account of ChatGPT developer OpenAI, promoting a phishing link under the guise of an airdrop for a fictitious token called OPENAI. Before this, the virtual reality-focused Decentraland project was also the victim of a similar incident.

While Scam Sniffer urged users to be careful and thoroughly check the links they click on the internet, he emphasized the importance of being informed about increasingly sophisticated phishing schemes.