Approval phishing, a deceitful tactic targeting crypto users, has been gaining prominence in recent years. Originally, this scam method involved distributing fraudulent crypto apps to victims. However, romance fraudsters, also known as pig butchering scammers, have now adopted and integrated approval phishing into their strategies. Chainalysis, a blockchain analysis firm, has identified a deliberate form of approval phishing by uncovering 1,013 addresses engaged in this fraudulent activity. These addresses were initially recognized through romance scam tactics, and further connections were found through similar transaction patterns.
According to Chainalysis, victims have incurred significant losses, estimated to be around $1 billion, due to approval phishing scams since May 2021. This estimate is based on on-chain patterns and may even include laundered scam funds. However, it is important to note that the actual losses are likely to be much higher, as romance scams are notoriously underreported, and Chainalysis started its analysis with a limited dataset.
The revenue of suspected approval phishing scammers peaked in May 2022, with victims losing an estimated $516.8 million to approval phishing. This figure decreased to $374.6 million in 2023 through November. Like other crypto-based crimes, a small number of highly successful actors drive the majority of approval phishing theft. One particular address is believed to have stolen $44.3 million from thousands of victims, constituting 4.4% of the total estimated stolen during the study period. The top ten approval phishing addresses collectively accounted for 15.9% of all stolen value, while the top 73 accounts were responsible for 50% of the total value stolen.
In approval phishing, scammers trick users into approving a malicious blockchain transaction. Once the approval is granted, the scammer gains permission to spend specific tokens within the victim’s wallet. This enables them to deplete the victim’s address of those tokens at their discretion. To cover their tracks, approval phishers typically send the victim’s funds to a separate wallet from the one granted approval. This allows them to make transactions on the victim’s behalf without arousing suspicion.
The typical on-chain sequence of approval phishing follows this pattern:
1. The victim’s address signs a transaction approving a second address (the approved spender) to spend its funds.
2. The approved spender address (the scammer’s address) initiates the draining transaction, moving the funds to a new destination address.
When transactions unfold in this manner, with the approved spender address initiating the draining transaction instead of the victim address as expected in a non-malicious transaction, it is highly likely a case of approval phishing. While this tactic is prevalent in centralized systems, approval phishers have found opportunities in decentralized apps (dApps) on smart contract-enabled blockchains like Ethereum. Exploiting the familiarity of many crypto users with signing approval transactions, these scammers take advantage of the permissions granted and the trust placed in the party receiving those permissions.
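The two-step sequence above can be checked mechanically. The following is an added example, not code from Chainalysis or from the original article: it walks already-decoded ERC-20 approve and transferFrom calls and flags a spend that was signed by someone other than the token owner under a live approval. The record field names and all addresses are constructed placeholders assumed for this sketch.

```python
# Added example: constructed, already-decoded ERC-20 calls (not real chain data).
# Field names (tx_from, call, owner, spender, src, dst) are assumptions of this sketch.
SAMPLE_TXS = [
    # Benign: user approves a router, then signs the swap that pulls the tokens.
    {"block": 100, "tx_from": "0xUSER", "call": "approve", "token": "0xTOKEN",
     "owner": "0xUSER", "spender": "0xROUTER", "amount": 500},
    {"block": 101, "tx_from": "0xUSER", "call": "transferFrom", "token": "0xTOKEN",
     "spender": "0xROUTER", "src": "0xUSER", "dst": "0xPOOL", "amount": 500},
    # Suspicious: victim approves an address, which later drains to a third address.
    {"block": 200, "tx_from": "0xVICTIM", "call": "approve", "token": "0xTOKEN",
     "owner": "0xVICTIM", "spender": "0xSPENDER", "amount": 2**256 - 1},
    {"block": 205, "tx_from": "0xSPENDER", "call": "transferFrom", "token": "0xTOKEN",
     "spender": "0xSPENDER", "src": "0xVICTIM", "dst": "0xDEST", "amount": 9000},
]

def flag_approval_drains(txs):
    """Return transferFrom calls signed by someone other than the token owner."""
    allowances = {}   # (token, owner, spender) -> block of the latest live approval
    findings = []
    for tx in sorted(txs, key=lambda t: t["block"]):
        if tx["call"] == "approve":
            key = (tx["token"], tx["owner"], tx["spender"])
            if tx["amount"] == 0:
                allowances.pop(key, None)      # approve(spender, 0) revokes the allowance
            else:
                allowances[key] = tx["block"]
        elif tx["call"] == "transferFrom":
            key = (tx["token"], tx["src"], tx["spender"])
            if key not in allowances:
                continue                       # no prior approval seen: out of scope here
            if tx["tx_from"] == tx["src"]:
                continue                       # owner signed the spend: expected flow
            findings.append({
                "victim": tx["src"], "spender": tx["spender"], "destination": tx["dst"],
                "approved_at": allowances[key], "drained_at": tx["block"],
                "amount": tx["amount"],
                # Step 2 on the page: funds go to a wallet other than the approved one.
                "separate_destination": tx["dst"] != tx["spender"],
            })
    return findings

if __name__ == "__main__":
    for finding in flag_approval_drains(SAMPLE_TXS):
        print(finding)
```

A hit is a lead for review rather than proof, in line with the "highly likely" wording above.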
The rise of approval phishing poses a significant threat to crypto users worldwide. As scammers become more sophisticated in their tactics, individuals and organizations in the crypto space need to be alert and proactive in protecting themselves against these fraudulent activities.
Education plays a crucial role in preventing approval phishing scams. Users must be aware of the red flags and best practices for safeguarding their crypto assets. It is essential to verify the authenticity of any crypto apps or platforms before granting any permissions or sharing sensitive information. Additionally, staying updated on the latest trends in scams and frauds can help individuals identify potential threats and take necessary precautions.
Furthermore, collaboration between blockchain analysis firms like Chainalysis, law enforcement agencies, and crypto platforms is vital in combating approval phishing. By sharing data and insights, these entities can enhance their ability to identify and apprehend scammers involved in these fraudulent activities. Platforms can also implement additional security measures and improve user authentication processes to prevent unauthorized transactions.
Approval phishing is an evolving tactic employed by scammers to exploit crypto users. The financial losses incurred by victims and the sophistication of these scams highlight the urgent need for proactive measures to combat this growing threat. Through education, collaboration, and enhanced security measures, the crypto community can work together to protect users and ensure the integrity of the cryptocurrency ecosystem.