Chainalysis has identified approval phishing as a technique, specifically in the form of romance scams, that is rapidly growing in crypto scams. Eric Jardine, Cybercrime Research Lead at Chainalysis, commented on the phenomenon.
Crypto Scams and Eric Jardine’s comments from Chainalysis on the approval phishing technique
Eric Jardine, Cybercrime Research Lead at Chainalysis, has released some comments regarding Approval Phishing, the crypto scam technique that is growing explosively in recent times.
In fact, it is estimated that only in 2023, hackers carried out cryptocurrency thefts worth at least $374 million. Although this figure may seem considerable, it represents a 27% decrease compared to the estimated value in 2022, which was $516.8 million.
In practice, through approval phishing, scammers manage to gain complete access to the victims’ wallet by signing a fraudulent blockchain transaction.
This technique was mainly used for “romantic scams”, as it convinces the victim to sign fake approval transactions.
The success of approval phishing can be attributed to the fact that many decentralized applications (dApps) enabled for smart contracts, such as Ethereum, require users to sign approval transactions to move funds in their possession.
In this regard, Jardine commented as follows:
“Although the approvals granted to dApps are generally secure, scammers take advantage of the fact that many users are accustomed to accepting this type of request. What differentiates a safe operation from a riskier one is the level of authorization granted and the reliability of the recipient of such authorization.”
Crypto scam and explanations from Chainalysis’ Cybercrime Research Lead on approval phishing
Among the other key aspects of approval phishing, it seems that there is the specific choice of the victim by the scammer, just like with romance scams.
It could happen, in fact, that scammers manage to build personal relationships with the victims to gain their trust and then make them sign the fraudulent transaction.
This customization of the scammer-victim relationship could bring difficulties in tracking and verifying such transactions on the blockchain.
Anyway, Chainalysis also explains that in order to fight this type of crypto scam, the cryptocurrency industry should educate its users more.
In this regard, Jardine commented as follows:
“Since these scammers usually cash out using Centralized Exchanges, it is possible to monitor the blockchain to identify suspicious wallets. Compliance teams responsible for protecting users could then see in real-time the movements made on these wallets and take actions such as automatically freezing the funds or reporting them to law enforcement.”
And then he added:
“In a broader sense, the industry can work to educate users about the level of access they grant every time they approve a transaction, reiterating the importance of not accepting such requests unless there is absolute trust in the person or company they are dealing with.”
The phishing attack on Vitalik Buterin’s X account
The phishing techniques are diverse, and besides the approval phishing that, according to Chainalysis, is gaining ground in the crypto sector in recent years, the most common one remains the phishing attack via email.
Among the most sensational email phishing attacks in recent times, there is the one that occurred last September 2023, to Vitalik Buterin’s X account, the co-founder of Ethereum. The scammers managed to steal $700,000 from users.
In practice, Buterin’s compromised X account was used to promote a fake commemorative NFT coin. Users were invited to mint these NFTs, with a limited-time offer.
Through the “Pink drainer software” tool, scammers managed to steal from victims who clicked on the phishing website link, unaware that it was a crypto scam.