Here’s How Much Crypto Users Lost to Phishing Scams in Q3

A recent report from Web3 security firm Scam Sniffer reveals that investors lost more than $127 million in cryptocurrencies during the third quarter of 2024. Approximately $46 million of that total was stolen in September alone.

🚨 ScamSniffer September Phishing Report
In September, around 10K victims lost approximately $46 million to crypto phishing scams.

In Q3 2024, phishing losses totaled $127 million with an average of 11K victims per month. Two major victims accounted for $87 million. 💸

🧵 [1/8] pic.twitter.com/T2OpXQ8Cqb

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 4, 2024

According to the report, about 10,800 individuals fell victim to phishing attacks in September.

Phishing Incidents Surge by 215%

In Q3, two significant phishing incidents led to losses totaling $87 million. Notably, Scam Sniffer reported a staggering 215% increase in phishing cases in August 2024. One of the incidents involved a single wallet that lost $55 million due to a phishing attack targeting proxy ownership.

The largest reported loss during the third quarter occurred on September 28, when a phishing attack utilizing a permit phishing signature drained 12,083 spWETH, amounting to $32.43 million. 

The attack was linked to the Inferno Drainer, a scam-as-a-service designed to deceive users into signing transactions that give scammers control over their wallets by masquerading as legitimate decentralized finance (DeFi) platforms. According to a dashboard from Dune Analytics, the Inferno Drainer has reportedly stolen over $230 million from more than 211,000 victims throughout its operation.

Scammers often trick investors into connecting their crypto wallets, such as MetaMask, to fraudulent services. The connection allows scammers to withdraw funds without needing further authentication.

Scam Sniffer identified Ethereum as the primary target of these phishing attacks. Other notable networks affected include Polygon, Binance Smart Chain, and Optimism.

MistTrack, a crypto tracking and compliance platform, noted that most phishing incidents arise from users clicking on malicious links from fake accounts on X, followed by phishing ads on Google. To safeguard against these threats, users are advised to refrain from clicking on unfamiliar links and to verify all signatures before approving transactions.

Crypto Hacks Exceed $753M in Q3 2024

In a related development, total losses from all crypto hacks in Q3 2024 have seen an uptick.

A recent report from cybersecurity firm CertiK revealed a 9.5% increase in overall financial damage, with over $753 million stolen across 155 incidents. Similar to phishing, the Ethereum network experienced the most security breaches, with 86 hacks, scams, and exploits resulting in over $387 million in losses.

🧵 Hack3D Report: Q3 2024 🧵

155 hacks, scams, and exploits drained $753,094,610 from Web3 in Q3 2024. This represents a 9.5% increase in value lost compared to Q2, despite fewer incidents.

🎥 Watch the breakdown in the video below.
📊 View the full report:… pic.twitter.com/WYhp7fGFCx

— CertiK (@CertiK) October 2, 2024

The report also highlighted a decline in asset recovery, with only 4.1% of stolen assets returned, compared to 14.4% in the previous quarter.