Tag:

Phishing

Crypto Phishing Attacks Surge In August As Losses Hit $12.17M

by admin September 7, 2025

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

Prominent web3 security outfit Scam Sniffer reports that crypto investors suffered an increased number of phishing scams in August. Notably, total assets lost to these scams during the last month represent an estimated 72% increase from July, representing a concerning development for the general crypto industry.

Crypto Whales Take Biggest Hit From Phishing Attacks

In an X post on September 6, Scam Sniffer provides an August 2025 security report covering phishing attacks on crypto wallets. The blockchain security firm notes that 15,230 victims lost a combined $12.17 million from all forms of phishing-related attacks. This data indicates a 72% increase in stolen funds and a 67% rise in victims compared to July’s $7.09 million in losses and 9,143 victims.

For context, phishing often involves fake websites, malicious smart contracts, or deceptive wallet prompts that trick users into giving hackers access to their digital assets. Once approved or shared, the funds are usually stolen instantly and cannot be reversed.

While phishing attacks often target retail investors, August’s data from Scam Sniffer highlights the disproportionate impact on crypto “whales.” ScamSniffer revealed that the top three single incidents drained $3.08 million, $1.54 million, and $1.00 million, respectively, totaling $5.62 million. Collectively, these cases made up 46% of overall monthly losses, demonstrating how hackers increasingly focus on high-value wallets.

Source: @realScamSniffer on X

The August report also draws attention to a new wave of batch-signature scams enabled by Ethereum’s EIP-7702 upgrade. EIP-7702 temporarily allows externally owned addresses (EOAs) to function like smart contract wallets.

This means users can access smart contract–level features without migrating to a new address. With EIP-7702, actions such as batching multiple transactions, setting automated spending caps, or integrating passkeys become seamless for everyday Ethereum interactions.

However, malicious actors have now exploited this mechanism to trick users into authorizing malicious bulk transactions, often bundled with legitimate requests. In parallel, attackers continue to exploit direct transfer scams, luring victims into sending funds straight into phishing contracts.

These vectors are harder to detect than traditional phishing attempts, as they appear embedded within standard DeFi and NFT interactions.

Crypto Market Overview

At press time, the total crypto market cap is presently valued at $3.77 trillion following a 0.16% gain in the past day. According to data from Chainalysis, over $2.17 billion was stolen from cryptocurrency wallets in the 2025 H1, which was higher than the total losses from 2024. This heightened figure, as well as the increased phishing losses in August, all reinforce the broader need for blockchain security, striking a balance between utility and protection against malicious actors.

Total crypto market cap valued at $3.77 trillion on the daily chart | Source: TOTAL chart on Tradingview.com

Featured image from Forbes, chart from Tradingview

Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

Source link

September 7, 2025 0 comments

NFT Gaming

Venus Protocol recovers $13.5M lost in phishing attack

by admin September 3, 2025

Venus Protocol has recovered funds lost in a phishing attack after swift intervention involving a governance vote.

Summary

A Venus Protocol whale wallet was drained in a phishing attack which led to an estimated $13.5 million loss
Venus paused the protocol and used governance powers to liquidate the attacker’s positions.
The recovery steadied XVS price, but raised questions about decentralization in crisis management.

Venus Protocol, one of the largest lending platforms on BNB (BNB) Chain, has recovered around $13.5 million lost in a phishing incident. The update was shared by the platform on Sept. 3, confirming the assets had been fully restored.

Whale wallet compromised

On Sept. 2, a high-value Venus user lost control of assets worth around $13.5 million after approving a malicious transaction. Security firms initially estimated losses of up to $27 million, but they later modified these figures to take the user’s debt position into consideration.

Among the stolen assets were wrapped Bitcoin (BTCB), vUSDT, vUSDC, vXRP, and vETH. Notably, this was a user-level compromise rather than a breach of Venus’ smart contracts, demonstrating the ongoing risk of social engineering even in DeFi.

Swift response and recovery

In order to prevent the attacker from moving funds or closing positions, Venus instantly paused the protocol. The pause stopped the exploiter’s activity and bought time for an emergency governance vote.

By approving the forced liquidation of the attacker’s holdings, the community was able to secure the stolen assets before they could be mixed or bridged.

Update: Venus Protocol has been fully restored (withdrawals and liquidations resumed) as of 9:58PM UTC. ✅

The lost funds have been recovered under Venus’ protection. ✅ https://t.co/y2uUwPqmtb

— Venus Protocol (@VenusProtocol) September 2, 2025

By Sept. 3, security firm PeckShield confirmed that the funds had been restored. Transactions on BNB Chain show the recovery in action, with assets returned to protocol reserves. Venus announced full resumption of operations at 9:58 PM UTC after completing security checks.

Market and community reaction

XVS, Venus’s governance token, initially dropped nearly 10% on the news, with a surge in trading volume as users rushed to assess the damage. After the recovery efforts were confirmed, the token stabilized, showing renewed confidence.

The result, which is a rare complete recovery of stolen funds, was made possible by Venus’s emergency tools. However, it has spurred debate about centralization in DeFi because multisig intervention was required to stop the protocol and force liquidations.

Venus said it will release a detailed post-mortem, but emphasized that the protocol itself remained secure.

Phishing attacks have become common in the crypto industry. As opposed to protocol exploits, social engineering relies on user error and avoids code audits, typically through malicious pop-ups or spoof websites.

Source link

September 3, 2025 0 comments

NFT Gaming

WLFI crypto holders targeted by phishing attacks at scale post launch

by admin September 2, 2025

Experts warn that scammers are specifically targeting the hype around Trump’s WLFI token.

Summary

Scammers are deploying phishing attacks at scale, exploiting the hype around WLFI
Phishing attacks weaponize Ethereum’s new functionality, enabling wallets to act as smart contracts
Ethereum’s EIP-7702 enables users to sign multiple complex transactions at once

The launch of World Liberty Financial (WLFI) cryptocurrency, linked to U.S. President Donald Trump, resulted in unprecedented hype. With volumes rivaling many of the biggest crypto projects, scammers were prepared to exploit the situation.

Shortly after the launch on Sept. 1, Yu Xian, founder of the blockchain security firm SlowMist, reported phishing attacks at scale. He explained that attackers are using new functionality built into Ethereum wallets introduced with Ethereum’s Pectra upgrade.

SlowMist’s Yu Xian on one case of WLFI EIP‑7702 “delegate” scam | Source: X

According to Yu Xian, the EIP-7702 “delegate” function enables external accounts to act like smart contract wallets. While this improves functionality, it also enables attackers to hijack the delegate mechanism if they compromise the private key.

How scammers target WLFI holders

The EIP-7702 “delegate” scam works as follows. The attackers first exploit a private key via phishing. Then, they embed a malicious delegate smart contract in the wallet. At that point, once a victim makes any transaction, the malicious code executes, draining the victim’s tokens.

The main reason attackers opt for the delegate scam is scale. Traditional phishing requires attackers to monitor and manually drain wallets. With delegate contracts, they can set parameters that auto-execute transactions, for instance to receive WLFI tokens via airdrop.

This is not the only type of scam that targets WLFI holders. For instance, attackers also try to trick users into buying fake WLFI tokens. In one case, attackers targeted one user who had bought WLFI tokens. They then airdropped honeypot WLFI tokens until the user accidentally bought a fake token on Phantom Swap. The victim lost $4,876 to the scheme.

Source link

September 2, 2025 0 comments

GameFi Guides

Venus Protocol User Drained of $27M in Phishing Scam

by admin September 2, 2025

A BNB Chain-based Venus Protocol user has been drained of about $27 million in a phishing attack, according to on-chain data.

BSC transaction records show that a major account on the platform (0x56…2008) was likely compromised. Security firm PeckShield reported that the user appeared to approve a malicious transaction, giving the attacker control.

Funds were then moved to the attacker’s wallet (0x7fd8…202a), which still shows holdings worth more than $27.1 million.

Most of the stolen funds are in Venus USDT (VUSDT), with over 769 million tokens valued around $19.8 million. Another 276 million Venus USDC (VUSDC), worth about $7.1 million, was also drained. Smaller amounts of Binance-Peg ETH, XRP, and BTCB were included.

PeckShield stressed that this was not a direct exploit of Venus Protocol itself, but rather a wallet-level compromise through phishing. Once approvals are granted, attackers can transfer tokens without further consent, leaving victims little recourse.

Separate Bunni Exploit Costs $2.3M

On the same day, decentralized trading platform Bunni suffered a separate breach worth about $2.3 million.

Blockchain security firm BlockSec flagged the incident, pointing to flaws in Bunni’s Ethereum-based smart contracts. The stolen funds were traced to wallet 0xE04…64f2b, which currently holds roughly $1.33 million in USDC and $1.04 million in USDT. The exact attack method has not yet been disclosed.

Both the Venus phishing scam and the Bunni exploit highlight the biggest dangers in DeFi users falling for scams and loopholes in smart contracts. With more money flowing into the space, these threats aren’t going away anytime soon.

Note: This is a developing story. More details are anticipated.

Also Read: CertiK Flags Suspicious Activity in OLAXBT’s AIO Tokens

Source link

September 2, 2025 0 comments

Crypto Trends

Crypto Investor Loses $1.54 Million in Devastating Phishing Scam

by admin August 24, 2025

According to anti-fraud service Scam Sniffer, a cryptocurrency investor recently lost a total of $1.54 million after signing EIP-7702 phishing batch transactions.

Wrapped ETH (wstETH), wrapped BTC (cbBTC), as well as multiple types of other tokens, were stolen during the attack.

Batch transactions, which make it possible to perform multiple operations within a single atomic transaction, were introduced with EIP-7702, which was part of the recent Pectra upgrade.

Even though batch transactions provide a greater level of convenience for legitimate users, they also come with risks. Bad actors can exploit the new feature to trick their victims into singing away their assets.

Such scams typically involve a bogus decentralized finance (DeFi) interface that closely resembles actual applications such as popular decentralized exchange Uniswap.

$1 million worth of NFTs lost

Earlier this week, Scam Sniffer also revealed that someone had lost a total of $1 million of non-fungible tokens (NFTS) as well as other tokens as after signing phishing batch transactions that were actually disguised as Uniswap swaps.

An extremely similar incident also took place earlier this month.

“We’ve spotted multiple victims with this pattern targeting EIP-7702 upgraded addresses,” Scam Sniffer said earlier this month, urging holders to remain vigilant.

Source link

August 24, 2025 0 comments