Pandoraland

Nothing to Hide

Crypto phishing attacks plummet in April, reaching a yearly low of $38 million


Crypto phishing incidents on 'X' drive April's record low theft totals.

Phishing attacks within the crypto industry decreased 46% to $38 million in April, the lowest amount this year, according to the security firm Scam Sniffer.

Notably, this aligns with CertiK’s finding that crypto-related exploits and scams plummeted to a historic low of $25.7 million in April.

April’s phishing attacks

Per Scam Sniffer’s findings, the Coinbase-backed Ethereum layer-2 network Base recorded a 145% surge to $8.2 million in phishing incidents during the past month. Two of the top 10 largest single thefts occurred on this chain, accounting for 21% of the month’s total theft.

Top 10 Phishing Attacks in April. (Source: Scam Sniffer)

Meanwhile, ERC-20 tokens bore the brunt of attacks, with 88% of the stolen assets belonging to this class.

Scam Sniffer identified fake accounts on the social media platform X (formerly Twitter) as the primary tool used by scammers. These attackers mimicked prominent projects like Renzo, Avail, Ether.fi, Wormhole, and Omni, and their accounts often sport fake verification marks, lending an air of authenticity that is used to lure unsuspecting users.

Using these accounts, the attackers post deceptive comments on social media platforms to drive unsuspecting individuals to malicious sites where their assets can be stolen.

Additionally, the attackers usually employed phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2. These malicious signatures grant the attackers access to their victims’ funds without the victims’ knowledge.
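As an added illustration (not code from Scam Sniffer or the original article), this is a pre-sign check a wallet or browser extension could run on an EIP-712 signing request to flag the Permit and Permit2 approvals named above. The function names, the allowlist parameter and the sample payloads are assumptions; on-chain calls such as IncreaseAllowance are outside its scope.

```javascript
// Added example: triage an EIP-712 request (EIP-2612 Permit, Uniswap Permit2) before signing.
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 allowance amounts are uint160
const PERMIT_TYPES = new Set([
  "Permit", "PermitSingle", "PermitBatch",
  "PermitTransferFrom", "PermitBatchTransferFrom",
]);

// Normalize every permit shape to a list of { token, amount } grants.
function extractGrants(typedData) {
  const { primaryType, message: m, domain = {} } = typedData;
  if (primaryType === "Permit") { // EIP-2612: token is the verifying contract
    return [{ token: domain.verifyingContract, amount: BigInt(m.value ?? 0) }];
  }
  const raw = primaryType.endsWith("TransferFrom") ? m.permitted : m.details;
  return [].concat(raw || []).map((d) => ({ token: d.token, amount: BigInt(d.amount ?? 0) }));
}

// trustedSpenders: hypothetical allowlist of lowercase spender addresses.
function assessSigningRequest(typedData, trustedSpenders = new Set()) {
  if (!PERMIT_TYPES.has(typedData.primaryType)) return { risk: "none", reasons: [] };
  const spender = String(typedData.message.spender || "").toLowerCase();
  const reasons = [`off-chain token approval (${typedData.primaryType})`];
  let risk = "review"; // any permit deserves an explicit confirmation
  if (!trustedSpenders.has(spender)) {
    reasons.push("spender not in allowlist");
    risk = "high";
  }
  for (const g of extractGrants(typedData)) {
    if (g.amount === MAX_UINT256 || g.amount === MAX_UINT160) {
      reasons.push(`unlimited amount for token ${g.token}`);
      risk = "high";
    }
  }
  return { risk, reasons };
}

// Constructed sample payloads (addresses are placeholders, not real contracts).
const addr = (b) => "0x" + b.repeat(20);
const SAMPLE_PERMIT = {
  primaryType: "Permit",
  domain: { verifyingContract: addr("11") },
  message: { owner: addr("aa"), spender: addr("bb"),
    value: "0x" + "f".repeat(64), nonce: 0, deadline: 1893456000 },
};
const SAMPLE_PERMIT2 = {
  primaryType: "PermitSingle",
  message: { spender: addr("cc"), sigDeadline: 1893456000,
    details: { token: addr("11"), amount: "1000", expiration: 1893456000, nonce: 0 } },
};
```

An allowlisted spender still yields `review` rather than `none`, in line with the Scam Sniffer statement quoted on this page that drainers route through legitimate contracts.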

Scam Sniffer added:

“Despite wallets increasing phishing alerts for certain signatures, wallet drainers are actively finding ways around these alerts using legitimate contracts like Disperse and Uniswap Multicall, and variants of value normalization.”
