Crypto phishing losses fell by nearly half in February, but one approval scam alone cost a victim over $600,000, data shows.
Losses from crypto phishing attacks dropped 48% in February to $5.32 million, marking the third consecutive monthly decline from $10.25 million in January and $23.58 million in December, data from ScamSniffer shows.
In an X thread on March 5, the analysts revealed that a total of 7,442 victims lost their crypto funds due to phishing attacks in February, compared to 9,220 in January. The biggest losses came from targeted scams.
For instance, address poisoning, a type of attack where scammers manipulate transaction histories to trick users into sending funds to fraudulent addresses, led to a $771,000 loss in Ethereum (ETH). A permit scam cost another victim $611,000. Unrevoked phishing approvals on BNB Chain resulted in a $610,000 hit, while an “IncreaseApproval” attack, which tricks users into raising token spending limits for malicious contracts, drained $326,000.
ScamSniffer’s analysts pointed out a case where one victim only lost over $607,000 due to a phishing approval signed more than a year ago. The analysts urged users to revoke old approvals while gas fees on Ethereum are low.
The decline in losses could potentially signal better security awareness or fewer successful attacks, the analysts explain, though high-value scams are still happening.
As crypto.news reported earlier, February saw $1.53 billion in crypto losses, an 18x increase from a year ago, largely driven by a $1.46 billion Bybit hack. In a research report, blockchain security firm Immunefi explained that most of February’s losses came just from two incidents: crypto exchange Bybit, which lost $1.46 billion, and stablecoin bank Infini, which suffered a $49.5 million hack.
The remaining losses were spread across seven smaller attacks, with zkLend and Ionic Money losing $9.5 million and $8.6 million, respectively.
