Decline in Approval Phishing Scam Profits
Chainalysis, a blockchain data firm, has released its 2023 research findings on ‘approval phishing’ scams in the cryptocurrency realm. The report shows that crypto criminals amassed at least US$374 million through these scams over the year. Notably, this amount represents a 27% decrease from the US$516.8 million stolen in 2022 using the same scam method.
Mechanics of Approval Phishing Scams
Approval phishing scams involve deceiving individuals into signing malicious blockchain transactions, granting scammers access to spend specific tokens within the victims’ wallets. This scam type exploits the nature of decentralized apps (dApps) on smart contract-enabled blockchains like Ethereum, which require user approval transactions to allow dApps’ smart contracts to move user funds.
Chainalysis Insights on Scam Operations
According to Eric Jardine, Cybercrime Research Lead at Chainalysis, approval phishers have been increasingly targeting specific victims and employing relationship-building tactics, akin to romance scams, to convince targets to sign approval transactions. This trend raises concerns about the actual volume of funds stolen, as romance scams are challenging to verify on-chain and often go underreported.
Impact of Few, Highly Successful Actors
Chainalysis’ analysis revealed that a small number of highly successful actors drive a significant portion of approval phishing thefts. Of the 1,013 addresses identified in such scams, the most successful address alone likely stole US$44.3 million, accounting for 4.4% of the total estimated theft during the study period. The ten largest phishing addresses collectively accounted for 15.9% of all value stolen, with the top 73 accounting for half of the total value stolen.
Strategies to Combat Approval Phishing Scams
To address the issue of approval phishing scams, Chainalysis emphasizes the need for user education and the implementation of pattern recognition tactics. The firm suggests that compliance teams at centralized exchanges could play a pivotal role by monitoring the blockchain for suspected phishing consolidation wallets and taking proactive measures such as freezing funds or alerting law enforcement when these wallets transfer funds to their platforms.