Approval Phishing Scams See “Explosive Growth,” Nearly $375 Million Stolen This Year Alone

Approval phishing scams are on the rise in the crypto space, with early $375 million stolen this year alone, according to new data from blockchain analytics firm, Chainalysis.

Malicious activity by approval phishing scammers on the blockchain

The new data comes from the organization’s upcoming 2024 report on crypto crime, which defines approval phishing as a scheme wherein a scammer “tricks the user into signing a malicious blockchain transaction that gives the scammer’s address approval to spend specific tokens inside the victim’s wallet.”

This access then allows “the scammer to then drain the victim’s address of those tokens at will.”

According to the data, an estimated $374 million was stolen in 2023 alone.

Data reveals over $1 billion lost to approval phishing scams

The crypto analytics firm shares that the new tactic is now more popular than traditional “pig butchering scams,” wherein a crypto fraudster exploits a victim by building trust in order to increase the amount of funds they can con them out of.

Moreover, Chainalysis says “Research suggests that approval phishers are now more and more targeting specific victims, building relationships with them and using tactics associated with romance scams to convince victims to sign approval transactions.”

Through tracking 1,013 addresses involved in approval phishing scams, Chainalysis estimates victims of the collected sample have lost an estimated $1 billion since May 2021 due to approval phishing scammers.

However, given the limited sample size and the fact that romance scams are “notoriously underreported,” Chainalyis estimates the collected data is “just the tip of a much larger iceberg.”

The blockchain analytics firm states that “the vast majority of approval phishing theft is driven by a few highly successful actors,” with the most successful scammer stealing nearly $45 million, representing 4.4% of all stolen currency during the time studied.

“The ten largest approval phishing addresses combined account for 15.9% of all value stolen during the time period studied, while the 73 biggest account for half of all value stolen,” the report states.

Recommendations for the future prevention

Given the commonality of approval transactions across decentralized apps, “approval phishers can take advantage of the fact that many crypto users are used to signing” them as a means of gaining access to funds.

In part, the data analytics firm suggests monitoring conducted by exchange compliance teams in order to better track down approval phishing scams as they happen.

Lastly, Chainalysis suggests the industry could “work to educate users not to sign approval transactions unless they’re absolutely sure they trust the person or company on the other side.”

Image Source: Unsplash