Crypto phishing scams claimed around $46 million from approximately 10,805 victims in September 2024. The alarming rise in phishing attacks contributed to a staggering $127 million in total losses during Q3 2024. An average of 11,000 victims each month suffered from such scams, with two major victims alone accounting for $87 million in losses. The largest case involved a victim who lost $32 million by signing a fraudulent permit signature. Scam Sniffer, a crypto anti-scam platform, shared the report through a social media platform, X.
Notable Incidents of Crypto Theft in Q3 2024
Within three minutes, another major phishing attack saw a victim lose 12,083 spWETH, ($32.43) million. Similarly, another individual lost $1 million by copying a contaminated address from a transfer history. These incidents highlight the growing sophistication of phishing techniques that exploit unsuspecting users in the crypto space.
According to data from MistTrack, a pivotal contributor to phishing incidents stems from victims clicking on phishing links shared by fake accounts on X (formerly Twitter). Additionally, Google phishing ads have significantly led users to malicious websites where their crypto wallets are compromised. The increasing frequency of such cases has prompted numerous victims to seek help from tracking agencies like MistTrack and SlowMist in recovering stolen assets.
Leading Causes of Crypto Theft in Q3 2024
Private key leaks were identified as the top cause of crypto theft during Q3 2024. Many victims mistakenly purchased accounts from unreliable sources and stored their private keys in easily accessible places such as cloud storage or phone notes.
In one notable case, a victim lost all of their crypto holdings after storing private keys in an iPhone’s notes, which the scammer later accessed. Other common issues included downloading fake apps or falling prey to Trojan viruses, which compromised wallet permissions and led to significant financial losses.
To safeguard against phishing attacks, ScamSniffer advises users to optimize their security settings, install trusted extensions, and integrate phishing domain and address blocklists. Additionally, users should be cautious about storing private keys and avoid copying addresses from transfer histories to prevent contamination. Several investigation agencies, including MistTrack and Crypto Fund Investigators, provide support for tracking stolen assets, but users should remain wary of services that guarantee 100%.