Scam Sniffer Report: $55 Million Stolen Due To Phishing In January


In January, ScamSniffer monitored approximately $55 million stolen across all EVM chains, including Ethereum, Arbitrum, BNB, Optimism, Polygon, Avalanche, and others.

There were around 40,000 victims, with the top 7 victims losing $17 million. Approximately 11,000 phishing websites were created.

Dune Report:

Theft Trends

It is evident that there was a theft peak almost every few days, often related to airdrops or popular projects.

Theft – By Chain

The majority of the thefts occurred on the Ethereum mainnet, followed by Arbitrum, BNB, Optimism, and Polygon.

Phishing Websites

ScamSniffer monitored around 11,000 phishing websites in January, including 8 active Wallet Drainers.

These phishing websites impersonated various projects, including Manta Network, Frame, SatoshiVM, AltLayer, Dymension, zkSync, Pyth, Opensea, Optimism, Blast, and others.

Top Victims

The top 7 victims lost a total of $17 million:

VictimStolen AmountPhishing Signatures
0x1749ad951fb612b42dc105944da86c362a783487$4.70 millionERC20 Permit, Create2
0x0c008e6479a83be6a6c49d95c2029a6064136688$2.66 millionERC20 Permit, Create2
0xc9f304efe0acc225408797d58a53dfd6a29cd83c$2.34 millionincreaseAllowance, Create2
0xd9b7f9a448c9b7b183249990866f2891b688b48f$2.47 millionincreaseAllowance, Create2
0x1f38e548263e7d9376c62f990d8ff15e7fee2f95$2.26 millionincreaseAllowance
0x4a8b9e2c2940fdd39aceb384654dc59acb58c337$1.40 millionSwap, ERC20 Permit, Create2
0xf8ebfacb4768b4152dd38416c1ea5fd143f5f807$1.28 millionincreaseAllowance, ERC20 Permit, Create2

Key Insights

Phishing Signatures

Phishing signatures involving ERC20 Permit or increaseAllowance were the primary methods through which victims unknowingly signed phishing transactions.

Twitter Phishing Comments

Most victims were lured into phishing websites through comments on impersonated Twitter accounts. Disabling comments may be worthwhile to prevent such incidents.


Most Wallet Drainers utilized Create2 to generate temporary addresses for each malicious signature.

Collateral Tokens

VictimStolen AmountAssetsAsset types
0x1749ad951fb612b42dc105944da86c362a783487$4.70 millionaEthWETH, aEthUNICollateral Token
0x0c008e6479a83be6a6c49d95c2029a6064136688$2.66 millionaEthWETH, SAVMCollateral Token, ERC20
0x4a8b9e2c2940fdd39aceb384654dc59acb58c337$1.40 millionaEthLink, LINK, OPCollateral Token, ERC20

No matter what assets you have in your wallet, whether they are LP Tokens / Collateral tokens / NFTs. wallet drainers all support it, all are aimed at draining your assets with one signature.

Recent Articles

Related Stories