Losses from cryptocurrency phishing scams dropped in November, with a little over $9 million, representing a 53% drop from the previous month.
According to the November report from web3 security firm ScamSniffer, malicious actors stole approximately $9.83 million from cryptocurrency enthusiasts.
The scams impacted 9,208 victims, reflecting a 23% drop compared to October.
Cryptocurrency phishing losses have been steadily declining since August when scammers stole $63 million from 9,145 victims.
However, the number of affected individuals increased to over 10,000 in September despite the total amount lost dropping to $42 million.
ScamSniffer highlighted this trend, noting that despite the decrease in total losses, the number of victims remained significantly high.
Approval phishing remained the leading attack vector, consistent with the trend seen over the past months.
Approval phishing involves manipulating victims into unknowingly granting malicious smart contracts access to their cryptocurrency wallets.
This tactic often employs social engineering techniques, such as fake websites or dApps promoted through fraudulent links on social media platforms.
Scammers may impersonate well-known projects or services, luring users to interact with what appear to be legitimate interfaces.
Once the victim approves the transaction, the attacker gains permission to withdraw funds or tokens directly from the wallet, resulting in significant losses.
According to the blockchain analytics firm, the biggest loss of the month stemmed from a victim losing $661,000 worth of stETH.
This utility token, representing a share of the total Ethereum staked through the protocol, was drained from the victim’s wallet within minutes after they unknowingly approved a malicious transaction.
Other significant losses included $409,000 in WBTC on the Arbitrum network, $344,000 in FET on Ethereum’s Uniswap platform, and $220,000 in USDT on Ethereum via direct transfers.
ScamSniffer advised users to exercise caution by avoiding rushed transactions and thoroughly verifying all signature requests to safeguard against phishing attacks.
New phishing toolkits have emerged
The drop in overall losses could likely be due to the fact that a number of major wallet drainers, including shut down their operations.
Notorious toolkits like Pink Drainer, which stole at least $75 million, also closed shop earlier this year, as did Inferno Drainer, which netted $70 million before its shutdown in 2023.
However, ScamSniffer warned that the operators behind the infamous Angel Drainer allegedly took over the Inferno Drainer project.
Based on earlier reports, the original Angel Drainer team was identified by Match Systems earlier this year, leading to the operation’s shutdown, which was later confirmed through messages shared in the developers’ Telegram group.
In September, cybersecurity firm Blockaid discovered a new wallet-draining kit called AngelX, which is estimated to be an upgraded version of Angel Drainer.
The post Crypto phishing losses drop over 50% in November, reports ScamSniffer appeared first on Invezz
