In January, a crypto user lost $12.25 million by copying the wrong wallet address. In December, another user lost $50 million in a similar way.
Together, the two incidents cost $62 million, according to Scam Sniffer, a popular Web3 security solution.
Signature phishing attacks also surged in January. In fact, Scam Sniffer found that $6.27 million was stolen from 4,741 victims, which is a 207% increase from December. The largest cases involved $3.02 million from SLVon and XAUt via permit/increaseAllowance, and $1.08 million from aEthLBTC via permit.
Two wallets alone accounted for 65% of all phishing losses.
Address poisoning is a scam where attackers send small transactions from wallet addresses that closely resemble real ones, hoping users copy the wrong address from their transaction history. This can lead to funds being sent directly to scammers by mistake. Signature phishing further increases the risk by tricking users into signing malicious approvals that give attackers permission to move funds later. Both tactics rely on social engineering and human error, and may make even experienced users vulnerable.
In November last year, a crypto holder lost over $3 million worth of PYTH tokens after mistakenly sending funds to a scammer’s wallet. The error occurred when the victim copied a fake deposit address from their transaction history.
Blockchain analysts at Lookonchain said the attacker created a lookalike address matching the first four characters of the real wallet and sent a tiny SOL transaction to appear legitimate. The victim later transferred 7 million PYTH tokens without fully verifying the address and fell victim to an address poisoning attack. The transferred stash was worth about $3.08 million at that time.
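The lookalike pattern described above (a tiny inbound transfer from an address that shares its leading or trailing characters with a real one) can be screened for before a transfer is signed. The following Python sketch is an added example, not code from Scam Sniffer, Lookonchain or Safe; the function names, the four-character window, the dust threshold and all sample addresses are assumptions constructed for illustration.

```python
from typing import NamedTuple, Optional

class Transfer(NamedTuple):
    sender: str    # counterparty address as shown in the wallet history
    amount: float  # inbound amount, in the asset's own units

def _body(addr: str) -> str:
    # Hex (EVM) addresses compare case-insensitively; base58 ones do not.
    return addr[2:].lower() if addr.startswith("0x") else addr

def imitated(candidate: str, trusted: list[str], edge: int = 4) -> Optional[str]:
    """Return the trusted address that `candidate` resembles, or None."""
    cand = _body(candidate)
    bodies = {_body(t): t for t in trusted}
    if cand in bodies:          # exact match: this is the real address
        return None
    for body, original in bodies.items():
        # Same first or last `edge` characters but a different full address.
        if cand[:edge] == body[:edge] or cand[-edge:] == body[-edge:]:
            return original
    return None

def check_destination(dest: str, trusted: list[str]) -> str:
    """Classify a paste target before signing: trusted / lookalike / unknown."""
    if _body(dest) in {_body(t) for t in trusted}:
        return "trusted"
    return "lookalike" if imitated(dest, trusted) else "unknown"

def poisoned_entries(history: list[Transfer], trusted: list[str],
                     dust: float = 0.01) -> list[str]:
    """Senders of tiny inbound transfers whose address imitates a trusted one."""
    return [t.sender for t in history
            if t.amount <= dust and imitated(t.sender, trusted)]

# Constructed sample data (not real addresses).
REAL_EVM = "0xA1b2" + "0" * 32 + "C3d4"
FAKE_EVM = "0xa1B2" + "9" * 32 + "c3D4"   # same first and last four hex chars
REAL_SOL = "7xKq" + "A" * 36 + "mN2p"
FAKE_SOL = "7xKq" + "B" * 36 + "zz11"     # same first four characters only
OTHER = "0xFFFF" + "1" * 32 + "EEEE"
TRUSTED = [REAL_EVM, REAL_SOL]
HISTORY = [Transfer(REAL_EVM, 250.0), Transfer(FAKE_EVM, 0.0),
           Transfer(OTHER, 0.005), Transfer(FAKE_SOL, 0.000001)]

if __name__ == "__main__":
    print(poisoned_entries(HISTORY, TRUSTED))
    for addr in (REAL_EVM, FAKE_EVM, FAKE_SOL, OTHER):
        print(addr[:8], check_destination(addr, TRUSTED))
```

An "unknown" result is not a verdict of safety; it only means the address does not imitate anything in the trusted list, so the full string still needs to be compared against a source other than the transaction history.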
Amid the growing frequency of such attacks, the non-custodial wallet Safe, formerly known as Gnosis Safe, also warned its users about a large-scale address poisoning and social engineering campaign targeting multisig wallets. According to the platform, attackers created thousands of lookalike Safe addresses to trick users into sending funds to the wrong destination. It disclosed that the incident was not a protocol exploit, infrastructure breach, or smart contract vulnerability.
Safe identified around 5,000 malicious addresses, which have now been flagged and removed from the Safe Wallet interface to reduce the risk of accidental fund transfers.
The post How 2 Wallet Errors and Phishing Attacks Cost Crypto Users $62M appeared first on CryptoPotato.

