Chainalysis has released a preview of its 2024 report on crypto fraud, with particular attention to the explosive growth of approval phishing. In 2023 alone, 374.6 million dollars were stolen.
But what is targeted approval phishing?
Chainalysis and crypto fraud: the report on the strong growth of approval phishing in the last two years
In a preview of its new “2024 Crypto Crime Report,” which focuses on crypto fraud, Chainalysis discussed the strong growth that approval phishing has experienced over the past two years.
“Phishing scams targeting endorsements are on the rise, with many scammers using romantic scam tactics to trick victims into signing harmful TX. We estimate that victims lost more than $374 million in 2023. To learn more, check out our first preview of the Crypto Crime Report 2024.”
In practice, unlike other crypto scams, with targeted approval phishing, scammers persuade the user to sign a harmful blockchain transaction.
Specifically, the user’s signature gives the scammer’s address approval to spend specific tokens within their wallet, allowing them to empty the victim’s address of those tokens at will.
Usually, this technique involves three wallet addresses:
- the victim's address, which signs the approval transaction allowing the second address to spend its funds;
- the second address, belonging to the phisher, which executes the transactions and transfers the funds to a third, destination address;
- the third address, which ends up holding the stolen funds.
This crypto-fraud technique has seen explosive growth in the past two years, with at least 374 million dollars believed to have been stolen in 2023.
Chainalysis and crypto fraud: the development of dApps is behind the growth of approval phishing
Chainalysis goes on to describe the growing technique of approval phishing, linking it to romance scams used to convince victims to sign approval transactions.
Behind the strong growth of this type of crypto fraud over the last two years is the rise of decentralized applications (dApps) that require approval signatures to authorize smart contracts.
Specifically, dApps on smart-contract blockchains such as Ethereum require users to sign approval transactions that authorize the dApp's smart contracts to move funds held by the user's address.
With users now accustomed to this step, phishers step in and submit their own approval signature requests, which are harmful instead.
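To show what such an approval request actually contains, the following added example (not code from Chainalysis or from any wallet) decodes the calldata of the standard approval-granting functions and lists what a user would be authorizing. The sample spender address, the `known_spenders` allowlist and the warning texts are assumptions made for illustration.

```python
MAX_UINT256 = 2**256 - 1

# 4-byte selectors of the standard approval-granting functions
# (ERC-20 approve / increaseAllowance, ERC-721 / ERC-1155 setApprovalForAll).
APPROVAL_SELECTORS = {
    "095ea7b3": ("approve(address,uint256)", "amount"),
    "39509351": ("increaseAllowance(address,uint256)", "amount"),
    "a22cb465": ("setApprovalForAll(address,bool)", "flag"),
}


def describe_approval(calldata_hex, known_spenders=frozenset()):
    """Summarize an approval call, or return None if the calldata is not one.

    known_spenders is a hypothetical allowlist of lowercase spender addresses.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector, args = data[:8], data[8:]
    if selector not in APPROVAL_SELECTORS:
        return None
    if len(args) < 128:
        raise ValueError("truncated calldata: expected two 32-byte arguments")
    signature, kind = APPROVAL_SELECTORS[selector]
    # ABI encoding: one 32-byte word per argument; an address is the low 20 bytes.
    spender = "0x" + args[24:64]
    value = int(args[64:128], 16)
    warnings = []
    if kind == "amount" and value == MAX_UINT256:
        warnings.append("unlimited allowance")
    if kind == "flag" and value != 0:
        warnings.append("operator control over every token in the collection")
    if spender not in known_spenders:
        warnings.append("spender not in the user's allowlist")
    return {"function": signature, "spender": spender,
            "value": value, "warnings": warnings}


# Constructed sample: approve(<placeholder spender>, 2**256 - 1)
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_CALLDATA = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    print(describe_approval(SAMPLE_CALLDATA))
```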
According to the investigations conducted by Chainalysis, the peak in revenue for suspected approval phishing scams occurred in May 2022. In numerical terms, the estimated amount of funds stolen through this crypto fraud over the whole of 2022 is $516.8 million.
Not only that, the study highlights that the most successful approval phishing address likely stole $44.3 million from thousands of victim addresses.
Chainalysis and Crypto Fraud: Tips to Avoid Falling into the Approval Phishing Trap
Chainalysis, the blockchain data platform that provides software, services and research, has also explored how to address the problem of crypto-fraud resulting from approval phishing.
Based on its analysis of the address pattern involved in this technique, Chainalysis invites crypto exchange compliance teams to monitor the blockchain.
The goal is to identify phishing suspects with a strong exposure to associated destination addresses.
More generally, the blockchain platform invites the entire industry to work to educate users not to sign suspicious approval transactions, or to be more aware of what they are authorizing.
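The monitoring described above can be sketched as a heuristic over decoded on-chain records. This is an added example, not Chainalysis's methodology: it flags spending addresses that hold approvals from several owners and move those owners' tokens to a third address. The record layout, the placeholder names and the assumption that the spender sends the draining transaction itself are all constructed for illustration.

```python
from collections import defaultdict

# Constructed, already-decoded records in chain order; all names are placeholders.
# "approval" = ERC-20 Approval(owner, spender); "transfer" = Transfer(from, to, value)
# plus the sender of the transaction that emitted it.
EVENTS = [
    {"kind": "approval", "token": "TKN", "owner": "victim1", "spender": "suspect"},
    {"kind": "approval", "token": "TKN", "owner": "victim2", "spender": "suspect"},
    {"kind": "approval", "token": "TKN", "owner": "user3", "spender": "dex_router"},
    {"kind": "transfer", "token": "TKN", "tx_sender": "suspect",
     "from": "victim1", "to": "cashout", "value": 900},
    {"kind": "transfer", "token": "TKN", "tx_sender": "suspect",
     "from": "victim2", "to": "cashout", "value": 400},
    # Ordinary dApp use: the owner sends the transaction themselves.
    {"kind": "transfer", "token": "TKN", "tx_sender": "user3",
     "from": "user3", "to": "dex_pool", "value": 50},
    # Plain transfer with no prior approval involved.
    {"kind": "transfer", "token": "TKN", "tx_sender": "user4",
     "from": "user4", "to": "user5", "value": 10},
]


def find_drain_patterns(events, min_victims=2):
    """Group allowance-funded, three-party transfers by the spending address."""
    approvals = set()
    suspects = defaultdict(lambda: {"victims": set(), "destinations": set(), "total": 0})
    for ev in events:
        if ev["kind"] == "approval":
            approvals.add((ev["token"], ev["owner"], ev["spender"]))
        elif ev["kind"] == "transfer":
            spender, owner, dest = ev["tx_sender"], ev["from"], ev["to"]
            # Victim, spender and destination must be three distinct addresses,
            # and the spender must hold an approval from the owner.
            if (ev["token"], owner, spender) in approvals and len({spender, owner, dest}) == 3:
                hit = suspects[spender]
                hit["victims"].add(owner)
                hit["destinations"].add(dest)
                hit["total"] += ev["value"]
    # Many distinct owners drained by one spender is the signal worth triage.
    return {s: h for s, h in suspects.items() if len(h["victims"]) >= min_victims}


if __name__ == "__main__":
    for spender, hit in find_drain_patterns(EVENTS).items():
        print(spender, sorted(hit["victims"]), sorted(hit["destinations"]), hit["total"])
```

A spender that is itself a contract would not appear as the transaction sender, so real monitoring would also need call traces; the output is a triage list, not proof of fraud.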
Phishing Attacks and Cryptocrime
Phishing techniques used in crypto crime continue to evolve. Romance-scam approval phishing now joins other phishing techniques such as email campaigns.
In this regard, last November, email phishing campaigns targeted OpenSea’s NFT marketplace and were aimed at both platform customers and developers.
In this case, while OpenSea was not hacked in any way, users received emails from a “fake OpenSea” containing malicious links. Users reported everything on social media and showed evidence of it.
By contrast, the phishing attack that took place in early September targeted the X account of Vitalik Buterin, the co-founder of Ethereum, and resulted in the theft of $700,000 from users.
Buterin's compromised X account was used to promote a fake NFT commemorative coin. Users were invited to mint these NFTs through a limited-time offer.
The provided link led to a phishing website that posed a significant threat to unsuspecting victims, using the “Pink Drainer” software tool.
Among the stolen assets was a valuable CryptoPunk NFT worth 153 ETH, equivalent to $250,000 at the time.