X, formerly known as Twitter, continues to be a breeding ground for scammers who exploit the platform for phishing schemes, resulting in substantial financial losses amounting to $104 million. Impersonator accounts on X lure unsuspecting users into phishing sites, perpetrating fraudulent activities.
X turns into a phishing nightmare
In February, hackers stole about $47 million through crypto phishing scams, with the vast majority of consumers falling prey to phony X (previously Twitter) accounts. As crypto acceptance grows amid the bull run, there has been an increase in crypto phishing scams.
However, the industry made some progress in February, with a considerable reduction in thefts. According to Scam Sniffer’s February Phishing Report, a large number of people fell victim to such schemes via X.
Deceptive remarks from impersonated X accounts were used to direct unsuspecting individuals to phishing websites where they were victims of such schemes.
A stunning 57,000 people fell victim to crypto phishing scams, resulting in a total loss of almost $47 million. Surprisingly, the number of victims has decreased by 75%, resulting in a loss of more than $1 million over the preceding month.
Meanwhile, Ethereum mainnet accounts for 78% of all scams, with ERC20 tokens being the top target, accounting for 86% of the stolen monies. ERC20 token thefts were mostly assisted by phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit 2.
Furthermore, many Wallet Drainers have started using Safe or Account Abstraction wallets as token approval spenders, which exacerbates the phishing problem.
The latest Scam Sniffer findings are consistent with SlowMist’s analysis, which revealed extensive theft motivated by phishing tweets. The security team reported multiple instances of theft and discovered that a major fraction of these cases were enabled by false comments under tweets from well-known projects.
In fact, roughly 80% of comments on tweets from such projects were detected as phishing scam accounts.
Despite Elon Musk’s vows to reduce bots on the network, little has changed after his tumultuous takeover and subsequent improvements. Several reports indicate that fraudsters are increasingly using X advertising to promote websites that lead to crypto drainers, fraudulent airdrops, and other scams.
The crypto phishing pandemic
In 2024, the world of crypto has been marred by a surge in phishing scams, posing significant challenges to investors and enthusiasts alike. The crypto scams come in the wake of the bull market.
This nefarious trend has raised concerns among industry experts and regulatory bodies, highlighting the need for enhanced security measures and greater awareness among users. These attacks come in the form of:
Sophisticated tactics: Phishing scams have evolved, with perpetrators employing increasingly sophisticated tactics to deceive users.
Impersonation of companies: Perpetrators often impersonate legitimate companies or individuals to trick users into divulging their private keys or login credentials.
With the ongoing crypto crimes, victims of phishing scams often suffer significant financial losses as hackers gain unauthorized access to their crypto wallets.Additionally, such incidents erode trust in the crypto ecosystem, deterring potential investors and hindering mainstream adoption.
Scam Sniffer previously reported losses of roughly $300 million from cryptocurrency phishing scams in 2023. Throughout the year, more than 320,000 users fell prey to similar fake efforts.
Recently, a new tactic has evolved in which users are encouraged to click on “airdrop claim” links. These are just links to sites that drain your pocketbook. Last month, the X account of prominent Bitcoin [BTC] whale MicroStrategy was hacked and used to send a phishing airdrop link.
Previously, email services from big Web3 companies like as Token Terminal were compromised and used to transmit airdrop claim URLs. Both occurrences resulted in considerable financial losses.
While scammers employ advanced ways to impersonate the original entity, be on the alert for typos, content misalignment, and improper syntax.