Investing.com - With 2023 coming to a close, Chainalysis, the blockchain data platform, today announced the results of its research into phishing scams over the past year. In this technique, fraudsters trick their victims into signing a blockchain transaction that allows the fraudsters to spend specific tokens within the victim's wallet; it led to thefts of at least $374 million over the course of 2023. While this figure is significant, it is a 27% drop from the $516.8 million stolen in 2022 through this type of scam.
Chainalysis experts believe that the success of phishing can be attributed to the fact that many decentralised applications (dApps) on smart contract-enabled blockchains, such as Ethereum, require users to sign approvals to give the dApps' smart contracts permission to move funds from the user's address. "While approvals granted to protect dApps are generally secure, criminals can take advantage of the fact that many cryptocurrency users are accustomed to approving transaction approvals. The key difference is in what kind of permissions are given, and the trustworthiness of the party receiving that permission," explained Eric Jardine, Cybercrime Research Lead at Chainalysis.
The research also suggests that these criminals are increasingly targeting specific victims, building relationships with them and using tactics related to romance scams to convince them to sign approvals. This also raises concern about the volume of funds scammed using this method, which could be significantly higher than the $1bn detected by Chainalysis since May 2021, given that romance scams are often personalised, difficult to verify on the blockchain and under-reported.
Interestingly, as with many other cryptocurrency crimes, the vast majority of phishing thefts are driven by certain highly successful groups. Of the 1,013 addresses Chainalysis detected in this type of scam, the most successful phishing address likely stole $44.3 million from thousands of victim addresses, accounting for 4.4% of the total. The top ten phishing addresses combined accounted for 15.9% of all value stolen, while the top 73 accounted for half of all value stolen in the period analysed.
Regarding how the cryptocurrency industry can address this problem, Chainalysis highlights the need to educate users and employ pattern recognition practices. "Given that these fraudsters generally withdraw money using centralised exchanges, compliance teams at these service providers could monitor the blockchain for suspicious phishing consolidation wallets with strong exposure to target addresses. They could then see in real time when funds move onto their platform and take action, such as automatically freezing funds or informing law enforcement," Jardine explained.
"More generally, the industry can work on educating users not to sign approvals on transactions unless they are absolutely sure that they trust the person or company they are in contact with, or that they understand the level of access they are granting," Jardine concludes.
Translated from Spanish using DeepL.
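
As an added illustration (not part of the Chainalysis research or the original article): on Ethereum-style chains, the approvals described above are typically calls to standard token functions such as ERC-20 `approve`. The Python example below decodes that calldata so a signer or wallet can see which address receives permission and how much access it gets. The trusted-spender list, the sample addresses and the function names `decode_approval` and `review` are assumptions constructed for this example.

```python
# Added example: decode token-approval calldata before signing.
# Selectors are the first 4 bytes of keccak256 of each standard signature.
APPROVAL_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20
    "39509351": "increaseAllowance(address,uint256)",  # common ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155
}
MAX_UINT256 = 2**256 - 1

def decode_approval(calldata_hex):
    """Return function, spender and value for an approval call, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    function = APPROVAL_SELECTORS.get(data[:8])
    if function is None:
        return None  # not an approval, e.g. a plain transfer
    args = data[8:]
    # Two 32-byte ABI words; an address is left-padded with 12 zero bytes.
    if len(args) != 128 or args[:24] != "0" * 24:
        raise ValueError("malformed approval calldata")
    return {"function": function,
            "spender": "0x" + args[24:64],
            "value": int(args[64:], 16)}

def review(calldata_hex, trusted_spenders):
    """List the reasons a signer should stop and check this request."""
    info = decode_approval(calldata_hex)
    if info is None:
        return []
    warnings = []
    if info["spender"] not in trusted_spenders:
        warnings.append("spender is not a trusted contract")
    if info["function"].startswith("setApprovalForAll"):
        if info["value"]:
            warnings.append("access to every token in the collection")
    elif info["value"] == MAX_UINT256:
        warnings.append("unlimited allowance")
    return warnings

# Constructed sample data (not real addresses or transactions).
TRUSTED = {"0x" + "11" * 20}
UNKNOWN_UNLIMITED = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32
TRUSTED_LIMITED = "0x095ea7b3" + "00" * 12 + "11" * 20 + format(5000, "064x")

if __name__ == "__main__":
    for sample in (UNKNOWN_UNLIMITED, TRUSTED_LIMITED):
        print(decode_approval(sample)["spender"], review(sample, TRUSTED))
```

An empty list from `review` means only that the spender is on the caller's own trusted list and the grant is bounded; it says nothing about whether that list is correct.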