[1/7] 🚨💸 ScamSniffer's March Phishing Report
Crypto phishing scams hit $71M in March, marking a 50% increase in stolen funds from February.
The first quarter of 2024 has seen a total of $173M lost to phishing scams. 📈🔒
💸 Losses due to phishing in 2024 have already exceeded $100 million.
🛡️ To better protect our users, the Scam Sniffer Chrome extension has now started detecting phishing links on Twitter proactively!
🚨 Scam Sniffer's 2023 Report is out! Nearly $300M stolen by phishing campaign targeting crypto wallets - affecting over 324K victims. 🕵️♂️
📈 Trends show no sign of slowing, as new drainers emerge to replace the old. Stay vigilant & informed:
After more investigation, there are 515 Thirdweb deployed tokens on the Mainnet affected by the Multicall and ERC-2771 vulnerabilities, 25 of which have been exploited.
Both HXA and WFCA are listed on exchanges and the prices have dropped a lot.
🚨1/ Alert: A 'Wallet Drainer' has been linked to phishing campaigns on Google search and X ads, draining approximately $58M from over 63K victims in 9 months.
1/ Wallet Drainers are misusing Create2 to bypass security alerts in some wallets by generating new addresses for each malicious signature.
After a discussion with
@SlowMist_Team
, a group has employed the same technique in Address Poisoning to steal $3M since Aug.
1/ 🚨 A recent surge in phishing scams via Google search ads has led to users losing approximately $4 million.
ScamSniffer has investigated multiple cases where users clicked on malicious ads and were directed to fraudulent websites.
#PhishingScams
#GoogleAds
Best joke of the day:
While testing a Solana Drainer, accidentally confirmed a phishing transaction, leading to a loss of approximately $10k worth of SOL.
🚨 wallet drainers start using the Account Abstraction wallet for draining!
the same scammer has already drained $163,728 worth of $PANDORA by using this method.
🚨 in Solana, scammers use a switch to fake simulation results:
- enable switch
- users saw the fake simulation results while signing malicious transactions
- scammers disable the switch and execute the transaction
- user's assets are stolen
There’s a completely new breed of scams on the loose, and they're not like anything we've seen before!
Imagine: a transaction that appears safe when you sign it, but the moment it's submitted on chain, it suddenly drains your assets.
Sounds like a nightmare, doesn't it?
1/ Inferno Drainer, a scam vendor specializing in multi-chain scams, has stolen $5.9 million in assets from nearly 4,888 victims through over 689 phishing websites targeting popular projects.
about ~10 Safe wallets have lost $2.05 million to "address poisoning" attacks in the past week.
the same attacker has stolen $5 million from ~21 victims in the past four months so far.
New Scam as a Service Provider: Venom Drainer
💸 Drained $27M from ~15k victims, with the top 5 victims losing $14M
🐍 ~530 phishing sites created, targeting ~170 brands
🚨 Stats:
🚨 Can you tell real from fake Twitter accounts? with phishing on the rise, spotting the difference is crucial.
over $10M was stolen from victims this past week alone!
beware of Google Search Ad phishing! it's not getting better since we report it a few months ago.
a victim lost 900k USD by clicking the malicious Celer Bridge ad yesterday.
beware of airdrop phishing scams on Solana!
scammers employ anti-simulation techniques to prevent wallets from showing balance changes. victims unknowingly lose their assets by signing malicious transactions.
they have already stolen ~$290K in the past few days!
1/ 🚨 Over $4M in assets have been stolen by sophisticated Solana wallet drainers, and nearly 4k users have fallen victim to these phishing attacks in the past month.
🚨 [1/6] ScamSniffer's February Phishing Report
In February, about 57,000 victims lost approximately $47 million to crypto phishing scams.
Compared to January, the number of victims who lost over $1 million decreased by 75%.
a multi-sign Safe wallet lost $1.45 million to address poisoning attacks about 1 day ago!
he wants to send it to
0xB087cf...947f5870
but sent to
0xB08726...b3675870
1/ 🚨 $690k lost due to Permit2-Based phishing!
Introducing Uniswap Permit2 Authorization Management – an essential tool for managing internal authorizations of Permit2.
Try it now at
#Uniswap
#Permit2
#DeFi
1/ 🚨 A recent surge in phishing scams via NFT Airdrop on Polygon has led to users losing approximately $1.25 million.
By analyzing data on-chain, there have 530k wallets being targeted, and more victims are increasing daily
how to avoid being phished?
be cautious of phishing attempts in these common scenarios,
and familiarize yourself with common phishing signatures that can lead to the theft of your assets.
🚨 Scam Sniffer's 2023 Report is out! Nearly $300M stolen by phishing campaign targeting crypto wallets - affecting over 324K victims. 🕵️♂️
📈 Trends show no sign of slowing, as new drainers emerge to replace the old. Stay vigilant & informed:
Scammers keep stealing users' ERC20 tokens daily through Permit2 approval phishing.
In response to requests from some victims, our Permit2 revoke tool now supports more chains including Polygon, Optimism, and Arbitrum.
1/ The
@blur_io
's Blend Protocol has been online for a while, the protocol introduces two new EIP712 messages, 𝐒𝐞𝐥𝐥𝐎𝐟𝐟𝐞𝐫 and 𝗟𝗼𝗮𝗻𝗢𝗳𝗳𝗲𝗿.
But you should be aware of potential phishing exploits based on those two types of messages!
We have found a potential phishing exploit based on Blur bulk listing signature that can steal your NFTs with just one message signature!
And thanks
@SlowMist_Team
helped verified that. Please don't sign any Blur bulk listing signature that is not from !
those fucking scammers are genius!
an interesting exploit to use the 𝗺𝘂𝗹𝘁𝗶𝗰𝗮𝗹𝗹 from Uniswap SwapRouter02 to construct malicious transactions:
- pull(token, value)
- sweepToken(token, amount, scammer)
beware of the phishing site!
since the
@ArkhamIntel
announce the airdrop, there have been a lot of phishing sites impersonating them in the last few days.
over $10 million was stolen across 4 victims in just 5 days.
what we can learn from that? A few key insights:
- create2 is standard
- collateral token
- erc20 permit
🚨 Over the past week, there have been 4 phishing thefts each over $1 million, totaling $9.04 million.
Most were Pendle Yield tokens.
Most were due to the Permit phishing signature.
I just got phished and I need to revoke it to avoid more losses!
but wait, which one is the real ?
tons of phishing sites were created by scammers to impersonate Revoke Cash in the past few days.
1/ Here is a real case happened 9 hours ago
A victim lost $927k worth of $GMX after signing a `signalTransfer(address receiver)` transaction to the GMX Reward Router on Arbitrum.
1/ Wallet Drainers are misusing Create2 to bypass security alerts in some wallets by generating new addresses for each malicious signature.
After a discussion with
@SlowMist_Team
, a group has employed the same technique in Address Poisoning to steal $3M since Aug.
🚨 Alert:
@compoundfinance
's Twitter account has been compromised. Do not click on any links posted from their account.
A phishing link (compound-labs[.]xyz) was spotted 16 hours ago.
Stay vigilant and ensure the safety of your assets by avoiding suspicious links.
🚨 Scam Sniffer's 2023 Report is out! Nearly $300M stolen by phishing campaign targeting crypto wallets - affecting over 324K victims. 🕵️♂️
📈 Trends show no sign of slowing, as new drainers emerge to replace the old. Stay vigilant & informed:
1/ Over the past few weeks, the same scammer called 𝗣𝗶𝗻𝗸 𝗗𝗿𝗮𝗶𝗻𝗲𝗿 has hacked 7+ Discord servers and stolen $3 million in assets from nearly ~1,932 victims across multiple chains.
🚨 Fake Account Warning 🚨
2 days ago, we added a real-time fake account check feature to our Chrome extension.
today, it successfully alerted us to a fake account case involving the theft of $2.6 million, as reported by
@zachxbt
.
seems like the wallet drainer's c2 servers behind the ledger library attack all have been blocked by Cloudflare!
this definitely will affect them a lot! cause every phishing site C2 server is hardcoded 👀
🚨 Be Alert: A $170K auction theft happened 45 minutes ago due to a phishing tweet in comments.
Remember to scrutinize usernames and links in your Twitter comments. Don't let scammers trick you!
🚨 Scam Sniffer's 2023 Report is out! Nearly $300M stolen by phishing campaign targeting crypto wallets - affecting over 324K victims. 🕵️♂️
📈 Trends show no sign of slowing, as new drainers emerge to replace the old. Stay vigilant & informed:
over $10 million was stolen across 4 victims in just 5 days.
what we can learn from that? A few key insights:
- create2 is standard
- collateral token
- erc20 permit
We implemented DNS monitoring to track front-end domain changes for well-known projects last year, in response to BGP hijack incidents involving
@CurveFinance
and
@CelerNetwork
.
Today, the monitoring successfully detected
@Balancer
's DNS changes.
about ~10 Safe wallets have lost $2.05 million to "address poisoning" attacks in the past week.
the same attacker has stolen $5 million from ~21 victims in the past four months so far.
Our DNS monitoring successfully captured the Frax Finance front-end domain's ISP was changed from "Cloudflare" to "DDOS-GUARD" since "2023-10-31T22:34:44.618Z".
someone lost about 308k worth of Paxos Gold to phishing scams about 49 minutes ago.
the victim fell into panic and moved the left assets to another wallet.
🚨💔 32 minutes ago, a phishing scam resulted in a loss of tokens valued at $772,216.
The victim signed multiple phishing Permit signatures and also lost his MerlinSwap liquidity provider NFT.🛡️💸
Earlier today a draining service phished $4.3M from an ALI holder
After seeing a message from
@realScamSniffer
I immediately alerted the core team and investors who helped put together an emergency community vote to burn the stolen tokens after approval from the victim.
Happy…
beware of phishing scams on Twitter.
scammers are using ads to target MetaMask users. they keep switching to new ad accounts after each one is suspended.
🚨 Scam Sniffer's 2023 Report is out! Nearly $300M stolen by phishing campaign targeting crypto wallets - affecting over 324K victims. 🕵️♂️
📈 Trends show no sign of slowing, as new drainers emerge to replace the old. Stay vigilant & informed: