TLDR
- Crypto phishing scams stole $46 million in September 2024
- Q3 2024 saw total crypto scam losses of $750 million, with only 4.1% recovered
- A single phishing attack on September 27th accounted for $42.34 million in losses
- Ethereum was the most targeted blockchain for scams in Q3 2024
- Security firms advise users to double-check URLs and email addresses to protect themselves
Cryptocurrency enthusiasts and investors faced ongoing challenges in the third quarter of 2024 as phishing scams continued to target the industry, resulting in substantial financial losses.
According to recent reports from cybersecurity firms, September alone saw $46 million stolen through crypto phishing scams, highlighting the persistent threat these attacks pose to the digital asset ecosystem.
Data from Certik, a prominent Web3 security firm, reveals that Q3 2024 witnessed approximately $750 million in total losses due to various crypto scams.
Of this amount, only 4.1% was recovered, marking a significant decrease from the 14.4% recovery rate observed in the previous quarter.
The reduced recovery rate underscores the increasing sophistication of scammers and the difficulties faced by security experts in retrieving stolen funds.
Phishing attacks, a common method employed by cybercriminals, accounted for a substantial portion of these losses. Scam Sniffer, another security firm specializing in Web3 threats, reported approximately 10,800 phishing attacks during September alone.
🚨 43 mins ago, someone lost 12,083 spWETH ($32.43M) after signing a "permit" phishing signature.💸 pic.twitter.com/y7PQZW2FZq
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) September 28, 2024
These attacks often involve deceptive tactics to trick users into granting unauthorized access to their digital wallets or revealing sensitive information.
One of the most notable incidents occurred on September 27, 2024, when attackers utilized a ‘permit’ phishing signature to execute their scheme.
This type of attack deceives users into granting unauthorized access to their wallets through off-chain signatures, allowing malicious actors to choose the most opportune moment to exploit the compromised accounts.
In this particular case, the attackers managed to steal 12,083 $spWETH tokens, valued at approximately $42.34 million at the time of the attack.
Recently, EOA 0xaa1582084c4f588ef9be86f5ea1a919f86a3ee57 was drained of 12,083 spWETH (~$32M).
10k spWETH (~$26M) were sent to address 0x471c, then transferred to 4 wallets:
– 0x105c = 1.75K ETH
– 0x278d = 2.613K ETH
– 0x408d = 3.73K ETH
– 0xfaf2 = 1.865K ETH pic.twitter.com/vPX6frV2Gy
— CertiK Alert (@CertiKAlert) September 28, 2024
This single incident accounted for roughly 66% of the total damage inflicted by phishing scams in September.
The Ethereum blockchain emerged as the primary target for scammers during Q3 2024, both in terms of the number of incidents and monetary value stolen.
Certik reported 96 incidents on the Ethereum network, resulting in losses of $387.8 million. While Bitcoin experienced only one significant incident, it led to a staggering loss of $238 million.
The Binance Smart Chain (BSC) ranked second in terms of incidents with 39 reported cases, although the financial impact was comparatively lower at $4.7 million.
Other blockchain networks, including Scroll, Solana, Polygon, Optimism, and Cosmos, also fell victim to phishing attacks, albeit on a smaller scale.
The number of incidents on these chains ranged from 1 to 6 cases, with losses varying between $200,000 and $7.6 million.
The persistence of phishing scams in the crypto industry underscores the need for heightened vigilance among users and improved security measures.
Experts recommend that cryptocurrency holders exercise caution when interacting with online platforms and verify the authenticity of websites and email addresses before engaging in any transactions or sharing sensitive information.