At least $3M lost in crypto phishing attacks over the weekend

Blockchain analysts found at least three large-scale phishing cases over the past weekend, each costing three victims around $3 million worth of crypto assets. These incidents are yet another reminder of the importance of being careful when signing a transaction.

The largest theft, identified by anti-scam solution provider Scam Sniffer over the past weekend, cost the victim around $1.54 million in crypto assets after a batch transaction of tokens was signed, sending the funds to criminals.

"The victim signed EIP-7702 [a token standard] phishing batch transactions that contained multiple token transfers and [non-fungible token, NFT] approval operations," Scam Sniffer said.

This theft followed another phishing attack during which another victim lost $1 million in various tokens, including NFTs. The criminals once again tricked their victim into signing batch transactions disguised as swaps on the Uniswap decentralized crypto exchange.

Meanwhile, on Monday morning (UTC time), someone lost almost $500,000 worth of tokens after signing a "permit" phishing signature, the anti-scam specialist said.

"It's becoming a joke now. People who do such big transactions should be more diligent and use tools to make sure everything is correct," @Gangsterhome reacted on X.

According to Scam Sniffer, measures such as double-checking all signature requests, never rushing into signing transactions, and educating oneself via platforms such as Unphishable might help crypto users protect their funds from phishing attempts.

Moreover, criminals are becoming more creative in the ways they hunt for their victims. For example, expired Discord invites have been used by scammers, potentially turning "official" bookmarks into phishing attempts.

Also, Scam Sniffer has found that phishing ads in Google Search are now using Google Sites to host fake decentralized finance (DeFi) platform interfaces.