Cybercriminals capitalized on impersonated accounts on X (formerly Twitter) to orchestrate a wave of cryptocurrency phishing attacks, resulting in victims losing nearly $47 million in February alone. According to the monthly Scam Sniffer Phishing Report, over 57,000 individuals fell prey to these scams, with the majority of the stolen funds amounting to approximately $46.9 million.
The phishing campaigns predominantly targeted unsuspecting cryptocurrency holders, who were lured to fraudulent websites by fake X accounts masquerading as legitimate high-profile figures. These accounts often left comments on victims’ posts, enticing them to click on malicious links or provide sensitive information.
A staggering 78% of the total volume of thefts occurred on the Ethereum mainnet, with a focus on ERC20 tokens, which constituted 86% of the targeted assets. The thefts were primarily facilitated through the exploitation of phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2, allowing cybercriminals to manipulate smart contracts without prior authorization.
Despite the significant amount of funds siphoned off by attackers, there was a notable decrease in the number of victims losing over $1 million, dropping by 75% compared to the previous month. However, the threat landscape continues to evolve, with users now cautioned against a scam app discovered on the Apple App Store containing crypto-drainer malware.
The developers of a popular crypto wallet, Leather, took to social media to warn users about the fraudulent app and urged them to only download the wallet from its official website. They emphasized the importance of vigilance and urged users to exercise caution when interacting with cryptocurrency-related applications and platforms.
As cryptocurrency adoption continues to rise, so too do the risks associated with malicious actors seeking to exploit vulnerabilities in the digital asset ecosystem. Users are reminded to remain vigilant, employ robust security measures, and only engage with trusted sources to mitigate the risk of falling victim to phishing scams and malware attacks.
Leave a Reply