Phishing attacks continue to cause significant losses for crypto users, with over 10,000 victims losing over $46 million to these scams in September, according to Scam Sniffer, a Web3 anti-scam platform.
According to the firm, 10,805 victims lost $46.7 million in various crypto phishing scams last month.
This brought the total losses from phishing scams in the third quarter of this year to $126 million, with an average of 11,000 victims each month. Two major victims accounted for $87 million of these losses.
How phishing scams work
One notable case in September involved a victim losing $32 million after signing a permit signature. According to Scam Sniffer, around 12,083 Spark Wrapped Ethereum (spWETH) tokens were stolen from the victim’s wallet on Sept. 28. The attacker initially sent 10,000 spWETH to one wallet before moving the remaining tokens to four additional wallets.
In another instance, a victim lost $1 million after copying the wrong address from a contaminated transfer history. Hours earlier, the victim had sent about 200 ETH to the correct address. When attempting another transfer, they copied the poisoned address, resulting in the loss of 410 ETH to a phishing attacker.
Phishing scams typically involve tricking victims into revealing their private keys or other sensitive information through social engineering techniques. Attackers often use malicious URLs to steal data when victims click these links.
Scam Sniffer, citing data from MistTrack, noted that most victims were lured into these scams by phishing links from fake accounts on X, formerly known as Twitter. Other victims were directed to phishing sites via Google ads.
Yu Xian, founder of SlowMist, emphasized that phishing scams remain a significant issue in the ecosystem despite increased security education and improved tools to prevent such attacks. He remarked:
“When I think about it, [phishing] is a headache for the ecosystem, than the various advanced attack methods.”