Hackers, the nightmare of crypto currency investors, have pulled off a major heist around popular projects such as Dymension (DYM), OpenSea, Manta, and more. The Web3 security firm Scam Sniffer published a recent report highlighting the increase in phishing attacks, noting that over $55 million was lost just in the month of January. These crypto currency scams, often linked to airdrops and project events, are becoming more widespread by the day.
The Endless Cycle of Crypto Fraud
As a Web3 security firm, Scam Sniffer has released a report drawing attention to the alarming situation in the crypto currency space. It revealed an increase in phishing attacks targeting various projects on Ethereum Virtual Machine (EVM) chains.
Particularly in January of 2024, it was discovered that over $55 million was stolen through these deceptive interfaces, with the top 7 wallet owners involved in the incident losing $17 million.
These fraud incidents, often coinciding with airdrops and similar hype-driven projects, have turned into a widespread event affecting 40,000 people.
More importantly, it’s reported that the hackers behind these incidents have created over 11,000 phishing sites. These sites particularly imitate recent high-profile projects like Dymension (DYM), OpenSea, and Manta Network.
At the heart of these incidents are ERC20 Permit and increaseAllowance. It seems that the victims unknowingly sign contracts, which are exploited due to security vulnerabilities, leading them to inadvertently direct malicious transactions.
How Does the Fraud Occur?
Scam Sniffer’s detailed report presents a disturbing model that delves into how these phishing attacks are carried out. Most thefts arise as a result of targeting the Ethereum mainnet, but significant losses also occur on other chains such as Arbitrum, BNB, Optimism, and Polygon.
As mentioned earlier, phishing websites have become the primary tool used to deceive unsuspecting investors and facilitate fraud.
These malicious websites, generally exact copies, create a clone of reputable projects and mimic them, exposing sensitive user information while directing them to enable theft transactions.
