Scam Sniffer Reports $10.25 Million Lost to Phishing
On February 4, the analytics platform Scam Sniffer published its January report on phishing attacks in the crypto industry.
On this page
According to the data, 9,220 victims lost a total of $10.25 million to fraudulent schemes in January. While this is a 56% decrease from December’s $23.58 million in losses, cybersecurity experts warn that the threat remains significant. Phishing tactics are becoming more sophisticated, and malware-driven attacks are rapidly increasing.
Key Attack Methods and Largest Losses
Despite the decline in overall stolen funds, scammers continue to develop new ways to exploit users. The biggest losses in January were caused by three primary attack methods:
- $1 million stolen due to a vulnerability in Uniswap Permit2.
- $549,000 lost through direct transfers to attackers.
- $471,000 drained via fake transactions using signature spoofing techniques.
However, signature spoofing remains the most common attack vector. By tricking users into signing fraudulent transactions, scammers gain direct access to their funds. This typically happens through malicious smart contracts disguised as legitimate services. In some cases, attackers create fake wallet interfaces, altering transaction details so users unknowingly authorize full asset transfers to third parties.
One notable case involved a crypto holder losing $1 million worth of RLB due to a phishing scheme exploiting Uniswap's Permit2 feature.
Scam Sniffer experts stress the importance of carefully reviewing every digital signature before approving a transaction. Any unexpected approval requests should be treated as a potential red flag.
Surge in Malware Attacks
The report also highlights a significant rise in malware activity. The most concerning trends in January include:
- Telegram Fake Safeguard scams: Attacks have surged by 2,000% since November 2024. These scams trick Telegram users into exposing their crypto wallets.
- Fake Phantom pop-ups: Scammers are specifically targeting Solana users, luring them into entering their seed phrases on fraudulent websites.
This spike in malicious activity underscores the critical need for stronger cybersecurity practices among crypto investors.
One of the most alarming cases involved a user losing 143.45 ETH ($460,895) due to a spoofing attack.
How to Protect Yourself from Phishing Scams
Scam Sniffer experts recommend the following best practices to safeguard your assets:
- Never rush to sign transactions. A sense of urgency is often a red flag for scams.
- Carefully review every digital signature. Double-checking transaction details before approval can prevent losses.
- Be wary of fund recovery services. Promises of 100% crypto asset recovery are a common fraud tactic.
- Use security tools. Browser extensions like Scam Sniffer can help detect and block suspicious activity.
If you fall victim to hacking or fraud, consider reaching out to cybercrime investigation agencies such as MistTrack and CFInvestigators. However, keep in mind that recovering stolen funds is rarely guaranteed.
Knowing how to spot phishing attempts in transaction logs and messages can help prevent potential losses. For a detailed guide, check out our article: Expert Tips for Avoiding Scams and Phishing Attacks
Despite a decline in overall phishing losses, fraud tactics are becoming increasingly sophisticated, and malware threats continue to grow. Scam Sniffer urges the crypto community to stay vigilant and follow updates on emerging threats via their official account @realScamSniffer.
Full report available on Dune Analytics.
The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.