The team behind the Scam Sniffer Web3 anti-scam solution recently shared alarming statistics about phishing attacks in February.
"Crypto phishing scams hit $71 million in March, marking a 50% increase in stolen funds from February," Scam Sniffer reports. The team adds that $173 million has already been lost to phishing scams during the first quarter of 2024. In total, the team detected 77,529 phishing scam victims last month, compared to 57,066 in February.
In its report, Scam Sniffer highlights a surge in phishing activities on popular networks such as BNB and Base. According to the on-chain analytics team, "the Base chain saw stolen funds surge by 300% compared to February." Scam Sniffer estimates the total financial damage on this network to be $3,357,756, while losses from phishing thefts on BNB nearly reached $7 billion last month.
Other networks particularly affected by phishing scams in March include Arbitrum, Avalanche, Polygon, Optimism, Fantom, and zkSync. Ethereum experienced the greatest financial damage, witnessing a theft of $52,423,487. Unfortunately, losses to phishing scams on the Ethereum chain were also significantly higher in March than in February, when the total loss was $36,226,059. According to Scam Sniffer, Arbitrum was the second most affected chain last month.
Scam Sniffer emphasized that "A significant amount of stolen assets are Pendle Yield tokens." In March, the team reported at least three major phishing attacks targeting tokens on the Pendle Yield platform, powered by the Pendle Finance DeFi protocol for flexible investment strategies. All three scam incidents exploited permissions. The largest exploit resulted in the loss of $3.05 million worth of PT-USDe, while another led to the theft of $2.48 million worth of PT-weETH and aAvaWETH, as well as $2.12 million worth of PT-ezETH.
Another significant factor facilitating phishing last month, as mentioned by Scam Sniffer, was social media.
"Fake Twitter accounts posting deceptive comments remain a primary tactic for scammers," the team stressed, adding that by April 2, they had detected up to 1,517 fake accounts within two weeks.
Last month, the cybersecurity firm SlowMist particularly highlighted a concerning trend of scammers targeting victims of phishing exploits. In addition to the already popular spam strategies of distributing deceptive offers of cryptocurrency and NFT recovery services, some scammers have been especially audacious in their deceitful tactics.
These threat actors gather information about the theft, including the time, the wallet involved, and the reasons behind the theft. With a bold claim that they can recover 100% of the stolen funds, cybercriminals lure crypto users who have already suffered from an exploit and employ various methods to enable further theft.
One such approach involves pretending to guide the victim through the recovery process, allowing scammers to gain access to credentials and seed phrases, facilitating further theft. A more advanced strategy described by SlowMist involves token precision manipulation, enabling scammers to successfully imitate the recovery of a significant amount of money when in reality, only a minimal amount is returned.
Fortunately, some of the lost funds were secured. One notable case highlighted by Scam Sniffer occurred on March 1, when prominent on-chain sleuth ZachXBT intervened in the theft of $4.3 million from an ALI holder by alerting the core team and investors. Consequently, an emergency community vote was arranged, and the decision to burn the stolen tokens, approved by the scam victim, was made.
Unfortunately, scammers are not taking a break after their March achievements and continue to steal from the Web3 community. For instance, at the beginning of April, Scam Sniffer identified over one hundred phishing sites impersonating the Wormhole project, attempting to defraud participants of its airdrop.
One of the newest phishing tactics, exposed by Scam Sniffer and the user McBiblets, involves the abuse of advertisements. These ads are now targeting not only popular social platforms like X and commonly used search engines such as Google, Bing, and DuckDuckGo but also Etherscan.
"Unreal, some ads on Etherscan are wallet drainers," McBiblets reported on X. It appears that one of the wallet drainers actively targeting Etherscan users is Angel Drainer.
This month, Scam Sniffer also warned the community about fake Ethena Google phishing ads that hijack search intents. Additionally, there has been a rise in social engineering attacks targeting Discord users who "are tricked into adding malicious phishing bookmarks, leading to credential theft and subsequent phishing messages."