How 2 Wallet Errors and Phishing Attacks Cost Crypto Users $62M
In January, two significant wallet errors and phishing attacks resulted in a loss of $62 million for crypto users, highlighting the increasing vulnerability of even experienced users to scams. The incidents included a $12.25 million loss from a wrong wallet address and a $50 million loss from similar circumstances, with phishing attacks surging by 207% in January. The rise in these scams underscores the need for heightened security awareness and vigilance among crypto users.
In January, a crypto user lost $12.25 million by copying the wrong wallet address. In December as well, another one ended up losing $50 million in a similar way. Together, the two incidents cost $62 million, according to the popular Web3 security solution, Scam Sniffer. Crypto Blunders Signature phishing attacks also surged in January. In fact, Scam Sniffer found that $6.27 million was stolen from 4,741 victims, which is a 207% increase from December. The largest cases involved $3.02 million from SLVon and XAUt via permit/increaseAllowance, and $1.08 million from aEthLBTC via permit. Two wallets alone accounted for 65% of all phishing losses. Address poisoning is a scam where attackers send small transactions from wallet addresses that closely resemble real ones, hoping users copy the wrong address from their transaction history. This can lead to funds being sent directly to scammers by mistake. Signature phishing further increases the risk by tricking users into signing malicious approvals that give attackers permission to move funds later. As such, these tactics rely on social engineering and human error, and may make even experienced users vulnerable. In November last year, a crypto holder lost over $3 million worth of PYTH tokens after mistakenly sending funds to a scammer’s wallet. The error occurred when the victim copied a fake deposit address from their transaction history. Blockchain analysts at Lookonchain said the attacker created a lookalike address matching the first four characters of the real wallet and sent a tiny SOL transaction to appear legitimate. The victim later transferred 7 million PYTH tokens without fully verifying the address and fell victim to an address poisoning attack. The transferred stash was worth about $3.08 million at that time. Coordinated Multisig Scam Attempt Amidst the growing frequency of such attacks, the non-custodial wallet, Safe, formerly known as Gnosis Safe, also issued a warning for its users about a large-scale add...
Comments
Log in to comment