A whopping $41 million has been lost in October so far due to the increasing influx of phishing attacks. Most of the phishing operations within the crypto space usually involve engaging users in signing actions through their crypto wallets, to approve contracts or linking permissions.
Making false tokens that look like real wallet tokens is one typical phishing method used to pilfer cryptocurrencies from victims’ wallets. Particularly harmful is permit phishing since it lets several highly valuable tokens be transferred simultaneously.
🚨 3 hours ago, another victim lost $1.57M after signing a “permit” phishing signature.💸 pic.twitter.com/wDGZIMdJ7N
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 15, 2024
Phishing: Hackers Getting Smarter
An example is a wallet breach with $1.39 million worth of meme tokens. Although such ransom attacks are not new, they picked up the pace just in the last few days of October, which correlates with increased user activity.
🚨 25 mins ago, a PEPE holder lost $1.39M worth of PEPE, MSTR, and APU after signing a “permit2” phishing signature.💸 pic.twitter.com/Wf4nd8eFxl
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 13, 2024
Most such attacks occur on the Ethereum blockchain, which is very liquid and uses well-known smart contracts. Most hackers use open-source contracts to devise malicious links or develop quite realistic-looking smart contracts for unsuspecting individuals to click.
Hacked Social Media Accounts Spread Fake Links
Crypto has seen a lot of activity on X and similar platforms, which makes X user accounts now the biggest target for hackers. The issue is particularly high in October, as the meme token frenzy would overlap with a broader market recovery. Hacked X accounts, especially those of influencers or meme token projects, share links deceiving users into connecting their wallets.
As of today, the market cap of cryptocurrencies stood at $2.27 trillion. Chart: TradingView.com
The link might empty the wallets, even from a simple “connect wallet” click. Some malicious links might be token recovery or anti-hack tools. Other fake links also resemble and mimic advertisements from search engines, such as Google, which ask people to connect their wallets to new blockchains. Therefore, all necessary testing for authenticity should be done with empty wallets.
Exploits In Airdrop And Advertising
Phishing schemes always employ interest in airdrops or point farming to raise the guard and obtain wallet permissions. Recently, hackers stole an X account associated with the SPX6900 meme token, which might have put the buyers at risk of malicious addresses.
Malicious links may appear like harmless offers or download links targeting people preparing their wallets for trading meme tokens but these events will become more prevalent as more users begin filling the meme token space.
Social media scam ads, fake comments, botched Discord servers, and expired invitation links are additional risks. One attack can swallow your wallet, another might do a lot more damage that could be beyond your crypto wallet.
Featured image from Wisevu, chart from TradingView