Phishing attacks continue to plague cryptocurrency markets in 2024, leading to substantial losses. Certik reports damages amounting to $800M for the year to date. This article explores attack techniques and prevention methods.
Current Threats and Scale of Losses
Phishing attacks in the crypto space remain a pertinent threat. A record number of major incidents have been reported this year. Certik reports $800M in losses, highlighting an increase in attack frequency as the crypto market appreciates. In October alone, there were 26 significant attacks, with seven more by mid-November. Often, the attacks target large-scale wallets, leading to deeper losses. However, scammers employ a wide array of smaller attacks on numerous wallets within the platform.
Phishing Techniques and Countermeasures
Certain attacks involve address poisoning, posing serious challenges for crypto asset holders. Various techniques are employed, including fake copied addresses. One attack resulted in a $110K loss after the attacker spoofed the original transaction by introducing a fake address. Another scam led to a $220K loss after a malicious link convinced users to permit wallet access. Most attention is given to the Ethereum and Solana ecosystems. Users frequently engaging with multiple protocols are susceptible to phishing, especially vulnerable in multi-asset wallets.
Certik's Role in Combating Phishing
Certik closely monitors phishing methods like 'ice fishing', which use fake links to trick users into granting access to their wallets. These techniques exploit user trust in wallets and permitted access. Certik advises checking wallet permissions with legitimate tools, not third-party links. Certified services like the Etherscan token approval protocol help revoke suspicious permissions. We find that decentralized exchanges and lending protocols are especially vulnerable and most commonly targeted by attacks.
Phishing attacks remain a significant threat to crypto asset holders. Certik is actively working to reduce these attack vectors by providing users with secure methods for wallet management and protection strategies.
