Impersonated accounts on X (formerly Twitter) have been blamed for the majority of cryptocurrency phishing attacks last month, with victims losing almost $47m.
Anti-fraud specialist Scam Sniffer claimed in its monthly Scam Sniffer Phishing Report that cybercriminals stole nearly $46.9m from just over 57,000 victims.
Most of these individuals were lured to phishing sites by fake X accounts made to look like legitimate high-profile accounts. These accounts typically leave comments on victims’ posts to lure unsuspecting cryptocurrency holders.
Ethereum mainnet accounted for 78% of the total volume of thefts, which focused primarily on ERC20 tokens (86%), Scam Sniffer said in a series of social media posts.
“Most of the thefts of all ERC20 tokens were due to assets being stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2,” it continued.
These mechanisms let users interact with smart contracts without a prior authorization step, by attaching an authorization signature instead. However, phishing actors are increasingly hijacking them.
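As an added illustration (not from Scam Sniffer or the article), a wallet-side check can inspect a typed-data signing request before the user signs it and flag Permit and Uniswap Permit2 approvals. The function names, warning labels, one-hour deadline policy and all addresses are constructed assumptions; the message field names follow EIP-2612 and Uniswap Permit2.

```javascript
// Added example, not from the article. Addresses and thresholds are constructed.
const APPROVAL_TYPES = new Set([
  "Permit",                                        // EIP-2612 token permit
  "PermitSingle", "PermitBatch",                   // Uniswap Permit2 allowance
  "PermitTransferFrom", "PermitBatchTransferFrom", // Uniswap Permit2 transfer
]);
const UNLIMITED = new Set([(1n << 160n) - 1n, (1n << 256n) - 1n]);
const MAX_DEADLINE_SECS = 3600n; // assumed policy: longer-lived signatures get flagged

// Normalise the three message shapes into a list of { token, amount } grants.
function grantsOf(typedData) {
  const { primaryType, message, domain } = typedData;
  if (primaryType === "Permit") {
    // EIP-2612: the token is the contract that verifies the signature.
    return [{ token: domain.verifyingContract, amount: message.value }];
  }
  const items = message.details ?? message.permitted; // Permit2 field names
  return (Array.isArray(items) ? items : [items])
    .map(({ token, amount }) => ({ token, amount }));
}

// Returns what the signature would authorise and why it looks risky.
function reviewSigningRequest(typedData, trustedSpenders, nowSecs) {
  if (!APPROVAL_TYPES.has(typedData.primaryType)) {
    return { isApproval: false, warnings: [] };
  }
  const { message } = typedData;
  const spender = String(message.spender).toLowerCase();
  const grants = grantsOf(typedData);
  const warnings = [];
  if (!trustedSpenders.has(spender)) warnings.push("untrusted-spender");
  if (grants.some((g) => UNLIMITED.has(BigInt(g.amount)))) warnings.push("unlimited-amount");
  const deadline = BigInt(message.deadline ?? message.sigDeadline);
  if (deadline - BigInt(nowSecs) > MAX_DEADLINE_SECS) warnings.push("long-lived-signature");
  return { isApproval: true, spender, grants, warnings };
}

// Constructed sample: an EIP-2612 Permit as a wallet would receive it for signing.
const SAMPLE_PERMIT = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", chainId: 1, verifyingContract: "0x" + "aa".repeat(20) },
  message: {
    owner: "0x" + "11".repeat(20), spender: "0x" + "BB".repeat(20),
    value: "0x" + "f".repeat(64), nonce: 0, deadline: 1900000000,
  },
};
```

increaseAllowance is an on-chain function call rather than an EIP-712 message, so it would need a separate check on transaction calldata.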
Scam Sniffer warned that most of the wallet drainer attacks it has observed are now using safe or “account abstraction” wallets for token approvals. Account abstraction is meant to enhance smart contract compatibility for Ethereum wallets, but it is once again being manipulated by bad actors in attacks.
However, despite the large volume of stolen funds in February, the number of victims losing over $1m dropped by 75% from the previous month.
It’s not just fake X accounts cryptocurrency holders need to beware of these days. The developers of a popular crypto wallet have warned users not to fall for a scam app on the Apple App Store which contains crypto-drainer malware.
The makers of the Leather wallet took to X last week to urge users not to fall for the scam and to only download the wallet from its official website.
“The Leather Wallet app currently in the iOS store is FAKE. Do not download it, and definitely do not input your seed phrase. We promise we'll let you know once our mobile app is actually ready,” they said.