ScamSniffer Phishing Report: Over 300 million losses in half a year, one person loses tens of millions of pounds becoming the second largest victim in history


The mid-year security report from cybersecurity company ScamSniffer indicates that in the first half of 2024 there were a total of 266,000 phishing victims with a combined loss of 314 million U.S. dollars. In just six months, this figure has already exceeded the total for the entire previous year, which was 295 million U.S. dollars.

Second Largest Stolen Amount in History Revealed

ScamSniffer first pointed out that among the 260,000 victims, 20 each lost over $1 million, for a combined loss of $58 million.

The victim with the highest stolen amount lost $11 million, making them the second-largest theft victim in history.

Main Reasons: Permit, IncreaseAllowance

Regarding the main reasons for the loss of funds, ScamSniffer analyzed the top 20 theft victims and pointed out that most of the tokens were stolen because the victims mistakenly signed phishing signatures, including Permit, IncreaseAllowance, and Uniswap Permit2, among others.
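A pre-signing check for the request types named above (Permit, IncreaseAllowance, Uniswap Permit2), as an added example that is not from ScamSniffer or the original article. The function names, the trusted-spender list, and the sample inputs are assumptions constructed for illustration.

```python
MAX_UINT160 = 2**160 - 1  # Permit2 amounts are uint160; EIP-2612 values are uint256

# EIP-712 primaryType values that grant token spending rights (EIP-2612, Permit2)
APPROVAL_TYPES = {"Permit", "PermitSingle", "PermitBatch",
                  "PermitTransferFrom", "PermitBatchTransferFrom"}
# 4-byte selectors of on-chain ERC-20 calls that grant an allowance
APPROVAL_SELECTORS = {"0x095ea7b3": "approve", "0x39509351": "increaseAllowance"}


def _warn(kind, spender, amounts, trusted):
    out = [f"{kind} grants a token allowance to {spender}"]
    if spender not in trusted:
        out.append("spender is not on the trusted list")
    if any(a >= MAX_UINT160 for a in amounts):
        out.append("unlimited amount requested")
    return out


def check_typed_data(typed, trusted=frozenset()):
    """Warnings for a parsed eth_signTypedData_v4 payload (off-chain signature)."""
    kind = typed.get("primaryType")
    if kind not in APPROVAL_TYPES:
        return []
    msg = typed.get("message", {})
    # EIP-2612 keeps the amount in 'value'; Permit2 nests it in details/permitted
    nested = msg.get("details") or msg.get("permitted") or []
    items = nested if isinstance(nested, list) else [nested]
    raw = [msg.get("value")] + [i.get("amount") for i in items]
    amounts = [int(str(a), 0) for a in raw if a is not None]
    return _warn(kind, str(msg.get("spender", "")).lower(), amounts, trusted)


def check_calldata(data, trusted=frozenset()):
    """Warnings for transaction calldata given as a 0x-prefixed hex string."""
    kind = APPROVAL_SELECTORS.get(data[:10].lower())
    if kind is None or len(data) < 138:   # selector + two 32-byte words
        return []
    spender = "0x" + data[34:74].lower()  # low 20 bytes of the first word
    return _warn(kind, spender, [int(data[74:138], 16)], trusted)


# Constructed sample inputs (addresses are placeholders, not real contracts)
SPENDER = "0x" + "ab" * 20
SAMPLE_PERMIT = {"primaryType": "Permit", "message": {
    "owner": "0x" + "11" * 20, "spender": SPENDER,
    "value": str(2**256 - 1), "nonce": 0, "deadline": 1893456000}}
SAMPLE_CALL = "0x39509351" + "00" * 12 + "ab" * 20 + f"{1000:064x}"
```

An empty list means the request is not one of the allowance-granting types covered here; it does not mean the request is safe.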

Prior to this, warnings had been issued regarding phishing risks, advising users to be cautious.

Is there a security risk when using Uniswap? How can off-chain signatures lead to asset theft

Installing the ScamSniffer web extension tool on your computer is a practical way to identify phishing content and suspicious websites.

Even Staked and Re-staked Assets Can Be Stolen!

The company also warns that many large-scale phishing operations have stolen assets including staked and re-staked assets, Aave collateral, Aave staking rewards, and tokens from the Pendle protocol such as LSD assets and PT/YT tokens.

Please note that these tokens also support Permit, and once stolen, your staked assets cannot be recovered.

Falling into the Trap of Fake Accounts

As for how victims fell into phishing scams, ScamSniffer also collected feedback from victims and found that most victims were lured into highly realistic phishing websites by phishing messages posted by fake Twitter accounts.

Before clicking on any related links, users are advised to carefully check factors such as the number of followers, mutual followers, and account names (especially the distinction between "i" and "l", and swapped letters) to avoid losing their assets.

Those Volunteering to Help You Recover Assets Could Also Be Scams

For users whose funds have been stolen, ScamSniffer emphasizes that assistance in recovering funds can be sought through the cybersecurity company MistTrack.

However, the company also warns that anyone claiming to be able to 100% recover stolen assets may be another scam.

Rampant Phishing, Users Still Need to Protect Themselves

This year, with large projects such as Avail, EigenLayer, ZKsync, and BLAST conducting airdrops, Telegram also attracted users to participate in its own Ton ecosystem through various money-making games.

From phishing emails about airdrops to official project accounts being hacked, the first half of this year has seen a constant stream of incidents, and users still need to be vigilant about unfamiliar links.