Last updated:
Journalist
Hassan Shittu
Journalist
Hassan Shittu
Share
Why Trust Cryptonews
Ad Disclosure
We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships.
According to a report by blockchain security firm ScamSniffer, the crypto landscape witnessed another wave of phishing scams in November, resulting in a total loss of $9.38 million and impacting over 9,200 victims.
Although the total amount stolen marked a 53% decline from October’s staggering $20.2 million.
The report highlighted one particularly devastating incident in which an individual lost $661,000 worth of stETH (staked Ethereum) in just minutes.
The losses occurred amid a backdrop of evolving scam tactics, with malicious actors leveraging increasingly sophisticated methods to exploit unsuspecting users.
November Phishing Scams: How Bad Was It?
The November scams were marked by a recurring pattern of malicious signature requests, which proved to be the most potent tool in the attackers’ arsenal.
Victims unknowingly authorized transactions that drained their wallets entirely, leading to notable losses such as $409,000 in WBTC on the Arbitrum network and $344,000 in FET through Ethereum’s Uniswap platform.
Another $220,000 in USDT was lost through a direct transfer.
ScamSniffer emphasized that malicious signature requests remain the most effective weapon for phishing scammers.
A significant development in November was the emergence of a new phishing method dubbed “Angel Drainer,” which rose to prominence following the exit of the notorious Inferno Drainer operation.
As Scam Sniffer called it, this evolution is likened to a hydra—cutting off one head simply results in another emerging.
While the total amount stolen in November was lower than in previous months, the number of victims remained alarmingly high.
This aligns with broader findings from blockchain security firms like CertiK, which reported that phishing accounted for $343.1 million in losses across 65 incidents in Q3 2024 alone.
The use of fake accounts on social media platforms and deceptive Google ads were among the most common tactics employed to lure victims to phishing websites.
Raising Awareness: DeFi Security at Risk
The crypto community faces an uphill battle to curb the prevalence of phishing scams as attackers continue to refine their strategies.
ScamSniffer’s report urged users to remain vigilant, stressing that one misplaced signature could lead to devastating financial losses.
In response to these threats, the firm has urged users to use tracking agencies like MistTrack to monitor suspicious transactions and flag potentially malicious activities in real-time.
Educational efforts are also becoming more prominent, as projects aim to equip users with the tools and knowledge necessary to avoid phishing traps.
ScamSniffer has recommended a combination of best practices, including verifying every signature request and avoiding impulsive actions during transactions.
Furthermore, developing anti-scam-enhanced wallets and browser extensions tailored to detect and block phishing attempts has become a key focus area for blockchain developers.
Notably, November saw not only phishing attacks. XT.com, a Seychelles-based cryptocurrency exchange, reported a suspected $1.7 million hack.
While the exchange initially attributed the suspension to “wallet upgrade and maintenance,” blockchain security firm PeckShield alleged that the platform lost 461.58 Ether (ETH) in a hacking incident.
Similarly, Crypto casino platform Metawin suffered a $4 million hack on November 3, targeting its Ethereum and Solana hot wallets.
The attacker exploited Metawin’s “frictionless withdrawal system,” prompting the platform to halt withdrawals while temporarily securing its systems.
So far, December started with the same trend. On December 1, Clipper, a decentralized exchange, experienced a $450,000 hack due to a vulnerability in its withdrawal function.
This affected two liquidity pools and locked approximately 6% of its total value.
