A whopping $41 million has been lost in October to this point resulting from the increasing influx of phishing attacks. Many of the phishing operations throughout the crypto space normally involve engaging users in signing actions through their crypto wallets, to approve contracts or linking permissions.

Making false tokens that seem like real wallet tokens is one typical phishing method used to pilfer cryptocurrencies from victims’ wallets. Particularly harmful is permit phishing because it lets several highly invaluable tokens be transferred concurrently.

🚨 3 hours ago, one other victim lost $1.57M after signing a “permit” phishing signature.💸 pic.twitter.com/wDGZIMdJ7N

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 15, 2024

Phishing: Hackers Getting Smarter

An example is a wallet breach with $1.39 million price of meme tokens. Although such ransom attacks will not be latest, they picked up the pace just in the previous couple of days of October, which correlates with increased user activity.

🚨 25 mins ago, a PEPE holder lost $1.39M price of PEPE, MSTR, and APU after signing a “permit2” phishing signature.💸 pic.twitter.com/Wf4nd8eFxl

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 13, 2024

Most such attacks occur on the Ethereum blockchain, which may be very liquid and uses well-known smart contracts. Most hackers use open-source contracts to plan malicious links or develop quite realistic-looking smart contracts for unsuspecting individuals to click.

Hacked Social Media Accounts Spread Fake Links

Crypto has seen loads of activity on X and similar platforms, which makes X user accounts now the largest goal for hackers. The difficulty is especially high in October, because the meme token frenzy would overlap with a broader market recovery. Hacked X accounts, especially those of influencers or meme token projects, share links deceiving users into connecting their wallets.

As of today, the market cap of cryptocurrencies stood at $2.27 trillion. Chart: TradingView.com

The link might empty the wallets, even from a straightforward “connect wallet” click. Some malicious links may be token recovery or anti-hack tools. Other fake links also resemble and mimic advertisements from engines like google, corresponding to Google, which ask people to attach their wallets to latest blockchains. Subsequently, all essential testing for authenticity needs to be done with empty wallets.

Exploits In Airdrop And Promoting

Phishing schemes at all times employ interest in airdrops or point farming to boost the guard and acquire wallet permissions. Recently, hackers stole an X account related to the SPX6900 meme token, which may need put the buyers liable to malicious addresses.

Malicious links may appear as if harmless offers or download links targeting people preparing their wallets for trading meme tokens but these events will grow to be more prevalent as more users begin filling the meme token space.

Social media scam ads, fake comments, botched Discord servers, and expired invitation links are additional risks. One attack can swallow your wallet, one other might do lots more damage that could possibly be beyond your crypto wallet.

Featured image from Wisevu, chart from TradingView