According to Scam Sniffer, scammers stole $55 million worth of cryptocurrency in January alone and set up more than 11,000 phishing websites.
Notably, most of these thefts occurred on the Ethereum mainnet, with Arbitrum, BNB, Optimism, and Polygon closely behind.
In a recent Feb. 9 thread on X, Scam Sniffer highlighted a concerning trend observed in January, noting a surge in phishing attacks coinciding with heightened activity within crypto communities following a series of airdrops in the previous month.
These scams, often occurring alongside airdrops and other project activities, have impacted around 40,000 individuals.
According to Scam Sniffer, fraudsters created the phishing websites in January, impersonating various projects such as Manta Network, Frame, SatoshiVM, AltLayer, Dymension, zkSync, Pyth, OpenSea, Optimism, Blast, and others.
Their efforts proved successful, with the top seven victims losing $17 million in total owing to phishing signatures such as ERC20 Permit, Create2, increaseAllowance, and Swap.
Scam Sniffer reported that hackers commonly exploited the ERC-20 Permit function, tricking users into unknowingly transferring funds from their non-custodial wallets under the guise of legitimate operations.
Additionally, perpetrators increasingly leveraged the increaseAllowance function, enabling them to manipulate token allowances granted to malicious smart contracts. The scammers also used Create2 to create temporary addresses, helping fraudsters evade detection.
Many individuals fell victim to these scams due to cybercriminals actively posting fake comments on various platforms, posing as legitimate projects like Optimism and zkSync.
Throughout 2023, scammers and hackers executed numerous cyberattacks and rug pulls, resulting in the theft of $1.9 billion worth of cryptocurrency, as reported earlier by CryptoPotato.
De.Fi’s REKT database documented at least 455 incidents in 2023, with the largest hack amounting to $231 million, attributed to Multichain. Meanwhile, efforts of cybersecurity experts and white hat hackers led to the recovery of approximately $200 million from the overall sum.
Ethereum took the lead in the frequency of hacks, contributing to over 70% of the stolen funds in five out of twelve months in 2023. The year’s most detrimental vulnerability was Access Control, accounting for half of all stolen funds, whereby hackers’ or insiders’ unauthorized access to hot wallets led to significant losses, averaging $31 million per incident. Flash Loan attacks followed closely, resulting in a total stolen amount slightly exceeding $275 million.