Approval phishing scams have been used to steal at least $1bn in cryptocurrency since May 2021, according to a new report by Chainalysis.
The researchers estimates that this technique, which is frequently used by romance scammers, has led to crypto users losing at least $374m so far in 2023.
Approval phishing is a type of crypto scam in which attackers attempt to trick targets into signing a malicious blockchain transaction that gives their address approval to spend specific tokens inside the victim's wallet.
This allows the scammer to drain the victim's address of these tokens at will, with some targets losing tens of millions.
Once the victim signs the transaction, generally the phisher sends the funds to a separate wallet from the one they approved.
The technique is less well-known than typical crypto scams, which usually involve a phony investment opportunity or impersonation.
The report found that approval phishers are increasingly targeting specific crypto users, building relationships with victims and often using romance scam techniques to convince them to sign approval transactions.
The vast majority of approval phishing theft is driven by a few highly successful actors, according to the analysis.
The most successful address is believed to have stolen $44.3m from thousands of victim addresses, representing 4.4% of the total amount of cryptocurrency stolen during the period studied.
The ten largest approval phishing thefts accounted for 15.9% of the value stolen, with the 73 biggest accounting for half.
Chainalysis believe the actual losses from this scam could be far higher, as romance scams are notoriously underreported.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 14 Dec 2023 14:00:16 +0000