As crypto regains its value and even more valuable tokens are launched, attacks against individual wallets are accelerating. In the first two weeks of October alone, around $41M was lost to phishing attacks.
More than $41M has been lost to phishing attacks in October so far. Estimates for September count phishing incidents that stole $46M. Certik’s estimate is much higher, with an increase in all types of attacks in Q3. As more newcomers try out crypto, wallet phishing and malicious links are becoming more common. In the past 24 hours alone, another account lost $1.57M after signing a permit.
🚨 3 hours ago, another victim lost $1.57M after signing a "permit" phishing signature.💸 pic.twitter.com/wDGZIMdJ7N
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 15, 2024
DefiHackLabs discovered a total of eight exploits in October, with attack values ranging from $100K to $2.4M, depending on individual wallets. The sum is relatively small compared to the overall exploits of exchanges in the past few weeks. However, the ubiquity of the attacks and the effects on retail traders make phishing one of the significant threats in Web3 usage.
The losses were also much harder to recover, as hackers moved the funds through DEXs or mixers. Phishing hacks add to the losses from more elaborate attacks like the validator address hacks and MEV exploits.
Phishing attacks usually ask the user to sign an action through their wallet, presented as a request to approve a contract or sign another type of transfer or permission. Fake phishing tokens also target wallets with crypto balances, in an attempt to redirect funds to a fake address. Permit phishing is especially harmful, as it can gain permission to move multiple tokens. One such example happened just days ago when a wallet was hacked for $1.4M worth of meme tokens.
Those types of attacks have existed before, but are accelerating in October, due to an inflow of users. Most of the attacks affect Ethereum, one of the most liquid chains, with well-understood smart contracts. Hackers often use open-source contracts to generate malicious links or even specifically built smart contracts that look realistic.
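The check below is an added example, not code from the original article or from any wallet project: it inspects an EIP-712 signing request for the "permit" signatures described above and lists what the signer would be granting. It goes beyond the text by covering both EIP-2612 `Permit` and Uniswap Permit2 message types; `reviewSigningRequest`, `trustedSpenders` and every sample address are hypothetical.

```javascript
// Added example; addresses and amounts are constructed, not taken from any incident.
const MAX_UINT256 = (1n << 256n) - 1n; // "unlimited" for an EIP-2612 value
const MAX_UINT160 = (1n << 160n) - 1n; // "unlimited" for a Permit2 amount (uint160)

// EIP-712 primaryType values that hand a spender the right to move tokens.
const PERMIT_TYPES = new Set([
  "Permit",                                        // EIP-2612
  "PermitSingle", "PermitBatch",                   // Permit2 allowance
  "PermitTransferFrom", "PermitBatchTransferFrom", // Permit2 signature transfer
]);

// List every (token, amount) grant carried by the message.
function grantsOf(typed) {
  // Permit2 uses `details` or `permitted`, each a single object or an array.
  const items = typed.primaryType === "Permit"
    ? [{ token: typed.domain.verifyingContract, amount: typed.message.value }]
    : [].concat(typed.message.details ?? typed.message.permitted ?? []);
  return items.map((d) => ({ token: d.token, amount: d.amount }));
}

// Summarise a signing request so a wallet UI can warn before the user signs.
function reviewSigningRequest(typed, trustedSpenders = []) {
  if (!PERMIT_TYPES.has(typed.primaryType)) {
    return { isPermit: false, spender: null, grants: [], warnings: [] };
  }
  const spender = String(typed.message.spender).toLowerCase();
  const grants = grantsOf(typed);
  const warnings = ["signature grants token spending rights"];
  if (!trustedSpenders.some((a) => a.toLowerCase() === spender)) {
    warnings.push("spender is not on the trusted list");
  }
  if (grants.length > 1) warnings.push(`covers ${grants.length} tokens`);
  for (const g of grants) {
    const amt = BigInt(g.amount);
    if (amt === MAX_UINT256 || amt === MAX_UINT160) {
      warnings.push(`unlimited amount for token ${g.token}`);
    }
  }
  return { isPermit: true, spender, grants, warnings };
}

// Constructed sample: a Permit2 batch request as passed to eth_signTypedData_v4.
const SAMPLE_REQUEST = {
  primaryType: "PermitBatch",
  domain: { name: "Permit2", chainId: 1, verifyingContract: "0x" + "22".repeat(20) },
  message: {
    details: [{ token: "0x" + "aa".repeat(20), amount: MAX_UINT160.toString() },
              { token: "0x" + "bb".repeat(20), amount: "5000" }],
    spender: "0x" + "de".repeat(20), sigDeadline: "1760000000",
  },
};
```

For the constructed sample, `reviewSigningRequest(SAMPLE_REQUEST)` reports a permit covering two tokens, an untrusted spender and an unlimited amount on the first token.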
Hacked X accounts deliver fake links
As the crypto community is mostly active on X, accounts are at risk of hacking. October is an extremely risky period, as the meme token frenzy coincides with the general market recovery. All assets are fair game, from BTC and blue chips to the last new meme token that may grow 1,000 times or more.
One of the attack vectors is hacked X handles, sometimes belonging to influencers or meme token accounts. Instead of signing to buy a token, users see their wallets emptied. Even pressing ‘connect wallet’ on a link from social media may cost all the assets within that wallet. Sometimes, a malicious link will be masked as a token recovery tool or even a protection against hacks.
Links may appear through Google ads, inviting users to new chains. Again, the scam website will ask the user to connect a wallet – and in that case, the best approach is to test only with a new, empty wallet.
Promising airdrops or point farming is also a way to convince users to put their skepticism to sleep and grant permission to their wallets. One of the latest X handles to be hacked belonged to the SPX6900 hot meme token, exposing potential buyers to a malicious address. Sometimes, links hide in what seems like harmless offers or download links. With more newcomers to meme tokens, keeping their wallets ready for trading at all times, such incidents will only accelerate.
Scam advertising on social media, as well as scam replies, is often another carrier of malicious links. Compromised Discord servers or expired invitations, as well as calls to install software, may drain wallets or even install software that compromises private keys.