Overview
In January, ScamSniffer monitored approximately $55 million stolen across all EVM chains, including Ethereum, Arbitrum, BNB, Optimism, Polygon, Avalanche, and others.
There were around 40,000 victims, with the top 7 victims losing $17 million. Approximately 11,000 phishing websites were created.
Dune Report: https://dune.com/scam-sniffer/january-2024-crypto-phishing-report
Theft Trends
Thefts peaked every few days, and the peaks were often related to airdrops or popular projects.
Theft – By Chain
The majority of the thefts occurred on the Ethereum mainnet, followed by Arbitrum, BNB, Optimism, and Polygon.
Phishing Websites
ScamSniffer monitored around 11,000 phishing websites in January, including 8 active Wallet Drainers.
These phishing websites impersonated various projects, including Manta Network, Frame, SatoshiVM, AltLayer, Dymension, zkSync, Pyth, OpenSea, Optimism, Blast, and others.
Top Victims
The top 7 victims lost a total of $17 million:
Victim | Stolen Amount | Phishing Signatures |
---|---|---|
0x1749ad951fb612b42dc105944da86c362a783487 | $4.70 million | ERC20 Permit, Create2 |
0x0c008e6479a83be6a6c49d95c2029a6064136688 | $2.66 million | ERC20 Permit, Create2 |
0xc9f304efe0acc225408797d58a53dfd6a29cd83c | $2.34 million | increaseAllowance, Create2 |
0xd9b7f9a448c9b7b183249990866f2891b688b48f | $2.47 million | increaseAllowance, Create2 |
0x1f38e548263e7d9376c62f990d8ff15e7fee2f95 | $2.26 million | increaseAllowance |
0x4a8b9e2c2940fdd39aceb384654dc59acb58c337 | $1.40 million | Swap, ERC20 Permit, Create2 |
0xf8ebfacb4768b4152dd38416c1ea5fd143f5f807 | $1.28 million | increaseAllowance, ERC20 Permit, Create2 |
Key Insights
Phishing Signatures
Phishing signatures involving ERC20 Permit or increaseAllowance were the primary methods through which victims unknowingly signed phishing transactions.
Twitter Phishing Comments
Most victims were lured into phishing websites through comments on impersonated Twitter accounts. Disabling comments may be worthwhile to prevent such incidents.
CREATE2
Most Wallet Drainers utilized Create2 to generate temporary addresses for each malicious signature.
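A wallet-side check for the two signature types named under Phishing Signatures, combined with the Create2 observation above, written as an added example (not ScamSniffer's code). The function names, the `UNLIMITED` threshold and the `spender_code` parameter (the `eth_getCode` result for the spender, fetched by the caller) are assumptions, and the sample inputs are constructed.

```python
import json

# 4-byte selectors of the ERC20 allowance calls; increaseAllowance is the one named in the report.
SELECTORS = {"39509351": "increaseAllowance", "095ea7b3": "approve"}
UNLIMITED = 2**255  # assumed threshold for "effectively unlimited"


def _grant(kind, spender, amount, spender_code):
    """Build warnings for one allowance grant."""
    flags = [f"{kind} grants token allowance to {spender}"]
    if amount >= UNLIMITED:
        flags.append("allowance is effectively unlimited")
    # Assumed heuristic: a spender with no code yet is consistent with a
    # CREATE2 address that was computed before the contract is deployed.
    if spender_code in ("", "0x"):
        flags.append("spender has no deployed code yet")
    return flags


def check_typed_data(payload, spender_code=None):
    """Inspect an eth_signTypedData_v4 JSON payload for an EIP-2612 Permit."""
    data = json.loads(payload)
    if data.get("primaryType") != "Permit":
        return []
    msg = data["message"]
    return _grant("ERC20 Permit", msg["spender"], int(str(msg["value"]), 0), spender_code)


def check_calldata(calldata, spender_code=None):
    """Inspect transaction calldata for increaseAllowance/approve."""
    raw = calldata.lower().removeprefix("0x")
    kind = SELECTORS.get(raw[:8])
    if kind is None or len(raw) < 8 + 128:
        return []
    spender = "0x" + raw[32:72]     # address: low 20 bytes of argument word 1
    amount = int(raw[72:136], 16)   # uint256: argument word 2
    return _grant(kind, spender, amount, spender_code)


# Constructed samples, not taken from any real incident.
SPENDER = "0x" + "ab" * 20
PERMIT = json.dumps({"primaryType": "Permit", "message": {
    "owner": "0x" + "11" * 20, "spender": SPENDER,
    "value": str(2**256 - 1), "nonce": "0", "deadline": "1706745600"}})
CALLDATA = "0x39509351" + SPENDER[2:].rjust(64, "0") + "f" * 64

if __name__ == "__main__":
    for flag in check_typed_data(PERMIT, "0x") + check_calldata(CALLDATA, "0x6080"):
        print(flag)
```

Because the spender address is new for each signature, the check keys on what the request grants rather than on a list of known drainer addresses.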
Collateral Tokens
Victim | Stolen Amount | Assets | Asset types |
---|---|---|---|
0x1749ad951fb612b42dc105944da86c362a783487 | $4.70 million | aEthWETH, aEthUNI | Collateral Token |
0x0c008e6479a83be6a6c49d95c2029a6064136688 | $2.66 million | aEthWETH, SAVM | Collateral Token, ERC20 |
0x4a8b9e2c2940fdd39aceb384654dc59acb58c337 | $1.40 million | aEthLink, LINK, OP | Collateral Token, ERC20 |
No matter what assets you hold in your wallet, whether LP tokens, collateral tokens, or NFTs, wallet drainers support them all, and all of them aim to drain your assets with one signature.