Crypto investors faced a significant increase in so-called 'signature phishing' attacks in January, with losses soaring over 200%.

According to data from Scam Sniffer, a blockchain security company, signature phishing attacks drained about $6.3 million from user wallets in the first month of the year. Although the total number of victims fell by 11%, the total amount stolen rose by 207% compared to December.

Signature phishing and address poisoning caused losses in January

This divergence indicates a tactical shift among cybercriminals towards “whale hunting.” The strategy consists of focusing on a smaller group of high-net-worth individuals instead of targeting numerous retail investor accounts.

Scam Sniffer reported that just two victims accounted for nearly 65% of the total losses from signature phishing in January. In the largest incident, a user lost $3.02 million after signing a malicious call to a function named “permit” or “increaseAllowance.”

These mechanisms grant third parties unlimited access to move tokens from the wallet. Thus, attackers can drain assets without the user manually approving each new transaction.

While signature scams rely on confusing permissions, a distinct and equally harmful threat known as “address poisoning” also worries the sector.

In an extreme case of this type of fraud, a single investor lost $12.25 million in January by sending funds to a fraudulent address.

Address poisoning exploits the user's habit of copying and pasting addresses. The perpetrators create “vanity” addresses that mimic the first and last characters of a legitimate wallet that appears in the victim's transaction history.

The criminal counts on the user copying the lookalike address directly from this history without checking the entire sequence of characters.

In light of the increase in these cases, Safe Labs, responsible for the popular multisig wallet previously known as Gnosis Safe, issued a security alert. The company pointed out a coordinated social engineering campaign against its user base, employing around 5,000 malicious addresses.

“We identified a coordinated effort by malicious agent(s) to create thousands of similar Safe addresses, designed to deceive users and induce them to transfer resources to the wrong destination. This is social engineering combined with address poisoning,” the company stated.

As a consequence, the company advised that the entire alphanumeric sequence of any recipient address should always be checked before making high-value transfers.
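The full-address comparison described above can be automated before a transfer is signed. The sketch below is an added example, not code from Scam Sniffer, Safe Labs or the original article; the function names, the 4-character comparison window and the sample addresses are constructed assumptions.

```python
"""Flag recipient addresses that imitate a trusted one (address poisoning)."""
import re
from typing import List, Optional, Tuple

ADDRESS_RE = re.compile(r"0x[0-9a-f]{40}")

# Constructed sample data: one trusted address, one address sharing its first
# and last 4 hex characters, and one unrelated address.
TRUSTED = "0x" + "a1b2" + "c3d4e5f60718293a4b5c6d7e8f901234" + "5678"
LOOKALIKE = "0x" + "a1b2" + "0f" * 16 + "5678"
UNRELATED = "0x" + "9988776655" * 4


def normalize(addr: str) -> str:
    """Lower-case a 0x-prefixed 20-byte hex address; reject anything else."""
    a = addr.strip().lower()
    if not ADDRESS_RE.fullmatch(a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a


def classify(recipient: str, trusted: List[str],
             window: int = 4) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_address).

    'trusted'   : every character matches an address-book entry.
    'lookalike' : first and last `window` hex characters match an entry,
                  but the full address differs (the poisoning pattern).
    'unknown'   : no resemblance to any entry.
    """
    r = normalize(recipient)
    known = [normalize(t) for t in trusted]
    if r in known:
        return ("trusted", None)
    for k in known:
        # Compare the hex body only, so the shared "0x" never counts as a match.
        if r[2:2 + window] == k[2:2 + window] and r[-window:] == k[-window:]:
            return ("lookalike", k)
    return ("unknown", None)


def scan_history(history: List[str], trusted: List[str]) -> List[Tuple[str, str]]:
    """List (history_address, imitated_address) pairs worth warning about."""
    hits = []
    for addr in history:
        verdict, imitated = classify(addr, trusted)
        if verdict == "lookalike":
            hits.append((normalize(addr), imitated))
    return hits
```

A wallet or treasury script would block or prompt on a `lookalike` verdict and send only to addresses that come back `trusted`.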

The article “Losses from phishing scams in crypto rise 200%” first appeared on BeInCrypto Brazil.