Cybercriminals targeted over 57,000 individuals with cryptocurrency phishing scams in February, resulting in a total loss of over $47 million. This marked a 75% decrease in victims compared to the previous month [2].


The majority of thefts [2] [3], amounting to $46.9 million, occurred on the Ethereum mainnet, with a focus on ERC-20 tokens. Phishing signatures like Permit [2] [3] [4], IncreaseAllowance [2] [3] [4], and Uniswap Permit2 were used to facilitate thefts [2] [3], with scammers utilizing fake accounts on social media platform X to lure victims to phishing websites. Wallet drainer attacks are now utilizing safe wallets for token approvals [4], taking advantage of account abstraction for smart contract compatibility. High-profile figures [5] [6], including MicroStrategy [1] [6], Compound Finance [6], Rocket Pool [6], Blockchain Capital [6], and Vitalik Buterin [1] [5] [6], saw their accounts hacked [6], resulting in substantial losses [6]. Crypto wallet developers have also cautioned users about a scam app on the Apple App Store containing crypto-drainer malware [4], advising users to only download from the official website [4]. This alarming trend aligns with a rising preference among scammers for ‘approval phishing’ techniques [6], manipulating victims into signing transactions that grant unauthorized access to wallets [6]. Scam Sniffer warned of thefts related to phishing signatures [4], consistent with SlowMist’s investigation uncovering widespread theft driven by phishing tweets [2] [3], with about 80% of comments under tweets from reputable projects identified as phishing scam accounts [3].


The impact of these cryptocurrency phishing scams is significant, with millions of dollars lost and high-profile individuals and organizations falling victim. It is crucial for users to remain vigilant and only download from official sources to avoid falling prey to such scams. Moving forward, it is essential for the crypto community to continue to educate users about the risks of phishing and implement stronger security measures to prevent future attacks.