You are currently viewing Chainalysis and crypto fraud: the explosive growth of phishing approval

Chainalysis has released a preview of its report on crypto frauds in 2024, with particular attention to the explosive growth of Approval Phishing. In fact, in 2023 alone, 374.6 million dollars were stolen. 

But what is targeted approval phishing?

Chainalysis and crypto fraud: the report on the strong growth of approval phishing in the last two years

In a preview of its new 2024 Crypto Crime Report“, focusing on crypto fraud, Chainalysis discussed the strong growth that approval phishing has experienced in the last two years.

“Phishing scams targeting approvals are on the rise, with many scammers using romantic scam tactics to trick victims into signing harmful TX. We estimate that victims have lost over $374 million in 2023. To learn more, check out our first preview of the Crypto Crime Report 2024.”

In practice, unlike other crypto scams, with targeted approval phishing, scammers induce the user to sign a harmful blockchain transaction. 

Specifically, the user’s signature gives the scammer’s address approval to spend specific tokens within their wallet, allowing them to empty the victim’s address of those tokens at their discretion. 

Usually, this technique involves three wallet addresses

  1. that of the victim who signs the transaction with approval to the second address to spend their funds;
  2. the second address which belongs to the phisher who will execute the transactions and transfer the funds to a third destination address;
  3. the third address will be the one that contains the stolen funds. 

This technique of crypto fraud has seen an explosive growth in the last two years, with at least 374 million dollars suspected to have been stolen in 2023. 

Chainalysis and crypto fraud: the development of dApps is behind the growth of approval phishing

Chainalysis continues to describe the growing technique of approval phishing associating it with romance scams to convince victims to sign approval transactions.

And indeed, behind this strong growth of the last two years of this type of crypto fraud, there is the increase of decentralized applications (or dApps) that require approval signatures to authorize smart contracts. 

Specifically, dApps that use smart contracts, such as Ethereum, require users to sign approval transactions that authorize the dApp’s smart contracts to move funds held by the user’s address.

With this new habit introduced to the user, phishers insert themselves to forward their signature requests for approval of their transactions which are, instead, harmful. 

In the investigations conducted by Chainalysis, it seems that the peak of income for suspected approval phishing scammers occurred in May 2022. In numerical terms, the estimated amount of stolen funds through this crypto fraud for the entire year 2022 should be $516.8 million. 

Not only that, the study highlights that the most successful approval phishing address has likely stolen $44.3 million from thousands of victim addresses. 

Chainalysis and crypto fraud: tips to avoid falling into the approval phishing trap

Chainalysis, the blockchain data platform that provides software, services, and research, has also explored how to address the problem of crypto fraud resulting from approval phishing. 

Through its analysis scheme of the addresses involved in this technique, Chainlysis invites crypto-exchange compliance teams to monitor the blockchain

The goal is to identify phishing suspects with a strong exposure to associated destination addresses.

Not only that, more generally, the blockchain platform invites the entire industry to work to educate users not to sign suspicious approval transactions, or to have more awareness of what they are granting.

Phishing attacks and crypto crime

The phishing technique for crypto crime attacks is seeing its evolution. In fact, this romantic phishing scam with approval is added to other phishing techniques such as email campaigns. 

In this regard, last November, email phishing campaigns targeted OpenSea’s NFT marketplace and were aimed at both platform customers and developers.

In this case, while OpenSea has not been hacked in any way, users have received emails from a “fake OpenSea” containing harmful links. Users have reported everything on social media, showing evidence of it. 

On the contrary, however, the phishing attack that occurred in early September targeted Vitalik Buterin’s X account, the co-founder of Ethereum, and resulted in the theft of $700,000 from users.

And indeed, Buterin’s compromised X account was used to promote a fake commemorative NFT coin. Users were invited to mint these NFTs with a limited-time offer. 

Obviously, the provided link led to a phishing website that posed a significant threat to unsuspecting victims, using the “Pink drainer software” tool. 

Among the stolen goods, there was also the theft of a precious Crypto Punk NFT valued at 153 ETH, equivalent to $250,000 at that time.