Crypto phishing losses drop to $43m in September: Scam Sniffer

Funds lost to cryptocurrency phishing scams dropped in September, with roughly $46 million lost by 10,805 victims.

Data from Scam Sniffer show that crypto funds lost to phishing attacks in September saw a notable drop from the previous month, although the number of victims increased. In an Oct. 4 X thread, Scam Sniffer noted that nearly $46.7 million was stolen from 10,805 victims, down from the $63 million lost in August.

The majority of losses in September came from one individual who signed a malicious permit signature and lost 12,083 spWETH. A tactic that is often referred to as an approval phishing scam involves tricking a victim, often using fake applications, into signing a malicious blockchain transaction that transfers control of a user’s asset to the bad actors.

Further, Scam Sniffer analysts noted that in Q3, scammers managed to rake in $127 million in crypto assets by targeting an average of 11,000 victims monthly. Notably, just two victims accounted for $87 million in losses in the third quarter of 2024.

A separate report from blockchain security firm CertiK, published on Oct. 3, estimates Q3 losses from phishing attacks to have siphoned $343.1 million across 65 incidents. The report labeled phishing as the most damaging attack vector for the quarter. In August, analytics firm Chainalysis reported over $2.7 billion as lost to such scams since 2021.

X remains the leading platform for phishing scammers

Meanwhile, Scam Sniffer pointed out that fake accounts X were the leading cause of how victims end up on phishing websites. Dubious Google ads were the second most common hook.

Fake X accounts that impersonate legitimate crypto projects and personalities to make users click on malicious links have been plaguing the crypto sector since its inception. Back in January, cybersecurity firm SlowMist found that over 80% of comments under posts from prominent crypto projects were scams.

In its August report, Scam Sniffer highlighted a noticeable drop in such accounts on X, applauding the social media platform’s team’s efforts to combat scams. Nevertheless, the Elon Musk-owned platform remains a hotbed of scams, and lately, several high-profile accounts have been compromised to promote elaborate phishing campaigns.

The latest attack targeted ChatGPT developer OpenAI’s press account and promoted a phishing link under the guise of an airdrop for a made-up token dubbed OPENAI. Prior to that, the virtual reality-focused project Decentraland fell victim to a similar incident.

Scam Sniffer urged users to be cautious and thoroughly check the links they click on the internet while emphasizing the importance of staying informed about increasingly sophisticated phishing schemes.