October has seen a significant rise in phishing attacks in the cryptocurrency space, with a total of $41 million lost so far this month. These phishing operations typically involve users being convinced to sign actions through their crypto wallets, such as approving contracts or linking permissions.
One common phishing method is the creation of false tokens that resemble real wallet tokens, enabling hackers to steal cryptocurrencies from victims’ wallets. Permit phishing, in particular, allows hackers to transfer several highly valuable tokens simultaneously. Ethereum blockchain is often the target of these phishing attacks, as it is a liquid platform with well-known smart contracts.
Hackers typically use open-source contracts to develop malicious links or realistic-looking smart contracts to deceive unsuspecting users into clicking them. Hacked social media accounts have also been used to spread fake links, tricking users into connecting their wallets. Malicious links can appear as token recovery tools, anti-hack measures, or even advertisements from search engines like Google.
It is essential to test for authenticity before connecting wallets. Phishing schemes often exploit interest in airdrops or point farming to obtain wallet permissions. Hackers have recently stolen an X account associated with the SPX6900 meme token, potentially putting buyers at risk. Social media scam ads, fake comments, botched Discord servers, and expired invitation links are additional risks to be aware of.
