Phishing Attacks Emerge as Top Threat for Crypto Traders

- Wallet drainer malware stole approximately $494 million from over 300,000 victims in 2024, a 67% increase in stolen funds from the previous year, indicating that attackers are successfully targeting higher-value wallets. - The memecoin frenzy on the Base network led to a 1,880% surge in funds stolen via phishing scams in March 2024 compared to January 2024, with losses in March alone reaching $3.35 million. - Solana's architecture makes it a prime target, as its SPL token standard allows for direct transfers with a single signature, unlike Ethereum's two-step `approve` and `transferFrom` process, meaning one wrong signature can drain all assets. - Attackers frequently exploit the "ERC20 Permit" function, a gasless approval method, to gain access to funds. In one 24-hour period, phishing attacks on Base leveraging this and similar signature requests resulted in the theft of $1.2 million in AERO and over $846,000 in DEGEN tokens from just two victims. - A primary distribution method for these scams involves fake X (formerly Twitter) accounts impersonating influencers or projects to post malicious links; Scam Sniffer detected over 1,500 such incidents in March 2024. - Malicious smart contracts often contain red flags such as being unverified on block explorers, or they request dangerous permissions like "SetApprovalForAll," which grants the contract unlimited access to all of your NFTs and tokens. - The rise of "Drainer-as-a-Service" (DaaS) platforms allows scammers to rent sophisticated wallet-draining scripts in exchange for a percentage of the stolen funds, typically around 20%, fueling the proliferation of these attacks. - The AI narrative is being co-opted by scammers who use social media ads to promote fake "AI investment algorithms," luring victims into long-term social engineering scams known as "pig butchering" to build trust before stealing funds.