Impersonated accounts on X (formerly Twitter) were identified as the main culprits behind the majority of cryptocurrency phishing attacks last month, resulting in victims losing a staggering $46.9 million. This alarming trend was highlighted in the latest Scam Sniffer Phishing Report, which revealed that over 57,000 individuals fell victim to cybercriminals utilizing fake X accounts to deceive unsuspecting cryptocurrency holders.
The report pointed out that Ethereum mainnet was the primary target for these fraudulent activities, with ERC20 tokens accounting for 86% of the total thefts. The scammers employed various phishing tactics, such as spoofing high-profile accounts and leaving enticing comments on victims’ posts to lure them into phishing sites. Additionally, the thefts were predominantly carried out through the exploitation of phishing signatures like Permit, IncreaseAllowance, and Uniswap Permit2, which allow unauthorized access to smart contracts.
Scam Sniffer also issued a warning regarding the increasing use of account abstraction wallets for token approvals in wallet drainer attacks. While account abstraction is intended to enhance compatibility for Ethereum wallets, malicious actors have been manipulating this feature to carry out their nefarious schemes.
Despite the significant amount of funds stolen in February, there was a notable decrease in the number of victims losing over $1 million, indicating a shift in the tactics employed by cybercriminals. However, the threat of cryptocurrency scams extends beyond fake X accounts, as evident from a recent incident involving a scam app on the Apple App Store containing crypto-drainer malware.
The developers of the popular Leather wallet took to X to caution users against falling for the scam app and urged them to download the wallet only from its official website. They emphasized that the Leather Wallet app currently available on the iOS store is fake and advised users not to input their seed phrase. The team reassured users that they would be notified once the official mobile app is ready for download.
In conclusion, cryptocurrency holders need to remain vigilant against the evolving tactics of cybercriminals and exercise caution when engaging with digital assets. By staying informed and following best practices for security, users can protect themselves from falling victim to phishing attacks and other fraudulent activities in the crypto space.