According to cybersecurity firm ScamSniffer, in October 2024, over 12,000 victims collectively lost $20.2 million to crypto phishing scams.
While this represents a 56% drop in total funds stolen compared to the previous month, the number of individual victims rose by 20%, signaling a shift in scammers’ tactics. The decline also marks one of the lowest monthly totals for stolen funds this year, second only to July, when $19 million was lost to similar schemes.
Ethereum and other networks were hit hard
Overview of October phishing scams – ScamSniffer
Ethereum remains the primary target for these phishing attacks, with $10.4 million stolen from the network in October alone. Other blockchain networks also suffered significant losses, though on a smaller scale. The Blast network reported $5.9 million in losses, while Arbitrum recorded $1.84 million, Avalanche $762,763, and Polygon $722,083. These figures illustrate how Ethereum continues attracting the bulk of malicious activity, though smaller networks are also increasingly impacted.
Biggest incident sees user lose nearly $6 million
The largest single phishing incident involved a user on the Blast network who lost 15,079 fwDETH restaking tokens. Originally valued at over $35 million, these tokens dropped to $5.87 million following a depegging event caused by low liquidity. The depegging helped contain the damage, but the incident still caused ripple effects across decentralized finance (DeFi) platforms, affecting protocols like PAC Finance and Orbit Finance.
In this case, the victim was tricked into signing a compromised Permit signature, granting the scammer unauthorized access to their assets. Similar tactics were used in other incidents, including the theft of $2.3 million in sDAI on Aave Ethereum, $1 million from Uniswap’s Permit2 signature, and $1.6 million on Arbitrum. A compromise of EigenLayer’s account on social media platform X also led to another $800,000 loss when a user unknowingly signed a phishing signature.
Over $400 million lost to phishing scams in 2024
Despite October’s decline in funds lost, total crypto phishing losses for 2024 have now reached $462 million, surpassing the $295 million stolen in all of 2023. Over 360,000 victims have been affected this year, highlighting the rapid growth in phishing attacks in crypto. ScamSniffer attributes this surge to the rise of “draining as a service” (DaaS) operators, who offer technical support and tools for phishing scams. While some DaaS operators have shut down, others are consolidating resources. For example, the notorious Inferno Drainer recently transferred its operations to another group known as Angel Drainer, suggesting a trend toward increased collaboration among cybercriminals.
The steady rise in phishing incidents also points to user negligence. Many victims fall prey to scams by clicking on malicious links, often while searching for crypto airdrops. Experts warn that despite advances in security measures, the onus remains on users to exercise caution, as one wrong click can lead to significant financial loss.