© Reuters.
Investing.com – As 2023 draws to a close, blockchain data platform Chainalysis today announced the results of its research into phishing scams over the past year. This technique, in which fraudsters trick their victims into signing a blockchain transaction that allows them to spend specific tokens in the victim’s wallet, has led to thefts of at least $374 million over the course of 2023 While this figure is significant, it represents a 27% decrease from the $516.8 million stolen in 2022 with this type of scam.
Chainalysis experts believe that the success of phishing can be attributed to the fact that many decentralized applications (dApps) on smart contract-based blockchains, such as , require users to sign approvals to give the dApps’ smart contracts access. permission to move funds from the user’s address. “While approvals granted to protect dApps are generally safe, criminals can take advantage of the fact that many cryptocurrency users are accustomed to approving transactions. The key difference is the type of permissions given and how reliable they are of the party receiving this authorization,” explains Eric Jardine, head of cybercrime research at Chainalysis.
The study also suggests that these criminals are increasingly targeting specific victims, establishing relationships with them, and using tactics related to romance scams to convince them to sign releases. It also raises concerns about the volume of funds scammed using this method, which could be significantly higher than the $1 billion detected by Chainalysis since May 2021, given that romance scams are often personalized, difficult to be verified on the blockchain and under-declared.
Interestingly, like many other cryptocurrency crimes, the vast majority of phishing thefts are carried out by certain very successful groups. Of the 1,013 addresses that Chainalysis detected in this type of scam, it appears that the top-performing phishing address likely stole $44.3 million from thousands of victim addresses, representing 4. 4% of the total. The top ten phishing addresses combined accounted for 15.9% of the total value stolen, while the top 73 accounted for half of the total value stolen during the period analyzed.
When it comes to how the cryptocurrency industry can address this issue, Chainalysis highlights the need to educate users and use pattern recognition practices. “Since these fraudsters typically withdraw money using centralized exchanges, compliance teams at these service providers could monitor the blockchain for suspicious phishing consolidation wallets with high exposure to target addresses. They could then see in real time when funds are moving through their platform and take action, such as automatically freezing funds or notifying law enforcement,” Jardine explained.
“More generally, the industry can work to educate users not to sign approvals on transactions unless they are absolutely sure they trust the person or company they are with are in contact, or that they understand the level of access they are granting,” concludes Mr. Jardine.