Cryptocurrency phishing attacks saw a decline in April with overall losses dropping 46% compared to March. However, this positive trend masks a concerning surge in scams targeting Coinbase’s Base chain, a layer-2 scaling solution built on Ethereum.
Data from blockchain security firm Scam Sniffer revealed a staggering 145% increase in phishing activity on the Base chain in April. This troubling trend places it at the center of two of the month’s ten largest crypto thefts and accounting for over 20% of the total stolen value.
The report also highlighted the continued dominance of ERC-20 tokens which is the standard for tokens on the Ethereum network – as the target of choice for scammers. A whopping 88% of stolen assets in April fell under this category.
Phishing attempts often exploit functionalities associated with ERC-20 tokens, such as “Permit,” “IncreaseAllowance,” and “Uniswap Permit2,” to trick users into unknowingly granting attackers access to their funds. Scam Sniffer emphasized the importance of thorough research before approving such actions within crypto wallets.
Scam Sniffer reported that a victim lost 85 Lido ETH due to an exploitation incident that took place five days ago. The attacker used a Uniswap Multicall contract and exploited the victim by using their legitimate source.
Unfortunately, this isn’t an isolated incident. Recent investigations by user McBiblets uncovered a concerning trend of deceptive phishing scam advertisements on Etherscan, a prominent blockchain explorer. These malicious ads pose a similar threat, potentially redirecting users to fraudulent websites designed to steal their crypto assets.
The current report identifies fake social media accounts, particularly on Twitter, as a prevalent method for scammers to spread their deceptive messages. These accounts attempt to lure unsuspecting users into phishing traps by mimicking popular projects and leveraging daily opportunities.
The evolving tactics employed by attackers further complicate the fight against crypto scams. Despite increased phishing alerts within wallets, scammers are actively finding ways to bypass them. Techniques like leveraging legitimate contracts like Disperse and Uniswap Multicall, along with variations of value normalization, are becoming more common.