April Phishing Attack Report: 34,000 Victims, $38 Million Lost, Base Hackers Increase by 145%

The cybersecurity software ScamSniffer has released its phishing attack report for April.

In April, the number of phishing victims and the amount of losses have significantly decreased by 46% compared to March. There were 34,619 victims with a total loss of 38.63 million US dollars.

Base Hacked Activity Surges

Despite a decrease in hacking activities, Base blockchain has seen a 145% surge in hacker data. The top two positions in the comprehensive ranking of stolen addresses are both held by Base, accounting for 21% of the total in April.

Main Causes of Fund Loss: Permit, IncreaseAllowance

ScamSniffer indicates that up to 88% of stolen assets are ERC20 tokens. Most of the thefts are due to network phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2, resulting in significant losses.

Wallet Drainers, hidden in Google and Twitter ads, steal $20 million from a single wallet

Is there a security risk after using Uniswap? How can off-chain signatures lead to asset theft

How Did They Phish? Through Fake Twitter Accounts

ScamSniffer states that fake Twitter accounts posting false comments are the main method. They imitate popular projects daily, as the ScamSniffer extension detects a large number of fake accounts every day.

Press a button, and all your money is gone! What are the phishing tactics and prevention methods of "offline authorization signatures"? Fake EigenLayer case study

Phishing Traps Attempting to Evade Detection

ScamSniffer mentions that although wallets have added phishing alerts for certain signatures, a malicious phishing program called Wallet Drainer is actively seeking ways to bypass these alerts, using legitimate contracts like Disperse and Uniswap Multicall, as well as variables for value normalization.

ScamSniffer warns that phishing is one of the main threats to cryptocurrency users and urges caution.