Approval Phishing Scams Drain $1bn of Cryptocurrency from Victims

Approval phishing scams have been used to steal at least $1bn in cryptocurrency since May 2021, according to a new report by Chainalysis.

The researchers estimate that this technique, which is frequently used by romance scammers, has led to crypto users losing at least $374m so far in 2023.

Approval phishing is a type of crypto scam in which attackers attempt to trick targets into signing a malicious blockchain transaction that gives their address approval to spend specific tokens inside the victim’s wallet. This allows the scammer to drain the victim’s address of these tokens at will, with some targets losing tens of millions.

Once the victim signs the transaction, the phisher generally sends the funds to a wallet separate from the one the victim approved.

The technique is less well-known than typical crypto scams, which usually involve a phony investment opportunity or impersonation.

Value stolen through suspected approval phishing scams, May 2021 – November 2023. Source: Chainalysis

The report found that approval phishers are increasingly targeting specific crypto users, building relationships with victims and often using romance scam techniques to convince them to sign approval transactions.

The vast majority of approval phishing theft is driven by a few highly successful actors, according to the analysis. The most successful address is believed to have stolen $44.3m from thousands of victim addresses, representing 4.4% of the total amount of cryptocurrency stolen during the period studied.

The ten largest approval phishing thefts accounted for 15.9% of the value stolen, with the 73 biggest accounting for half.

Chainalysis believe the actual losses from this scam could be far higher, as romance scams are notoriously underreported.

How to Tackle Approval Phishing

The report set out a range of steps crypto compliance teams can take to tackle this threat:

  • Educating cryptocurrency users about this type of crypto scam and advising them not to sign approval transactions unless they are sure they trust the person or company on the other side.
  • Monitoring the blockchain for suspected approval phishing consolidation wallets with heavy exposure to destination addresses.
  • Taking steps such as automatically freezing the funds or reporting to law enforcement when suspect wallets move funds to their platform.
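
One way a compliance team could implement the monitoring step, as an added example that is not from Chainalysis or the original article: it flags transfers where an approved spender moves the owner's tokens to a third address (the pattern described earlier) and groups them by destination to surface candidate consolidation wallets. The event records, addresses, field names, allowlist and threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real chain data); addresses are placeholders.
EVENTS = [
    {"t": 1, "kind": "approval", "owner": "victim1", "spender": "phisherA", "token": "USDT"},
    {"t": 2, "kind": "transfer_from", "operator": "phisherA", "src": "victim1",
     "dst": "consol1", "token": "USDT", "amount": 5000},
    {"t": 3, "kind": "approval", "owner": "victim2", "spender": "phisherB", "token": "USDT"},
    {"t": 4, "kind": "transfer_from", "operator": "phisherB", "src": "victim2",
     "dst": "consol1", "token": "USDT", "amount": 12000},
    {"t": 5, "kind": "approval", "owner": "user3", "spender": "dexRouter", "token": "USDC"},
    {"t": 6, "kind": "transfer_from", "operator": "dexRouter", "src": "user3",
     "dst": "dexPool", "token": "USDC", "amount": 300},
    {"t": 7, "kind": "approval", "owner": "victim4", "spender": "phisherC", "token": "USDT"},
    {"t": 8, "kind": "transfer_from", "operator": "phisherC", "src": "victim4",
     "dst": "phisherC", "token": "USDT", "amount": 900},  # spender keeps funds: not matched
]
ALLOWLIST = {"dexRouter"}  # assumption: spenders already vetted as legitimate contracts


def suspected_drains(events, allowlist=ALLOWLIST):
    """Transfers where an approved spender moved the owner's tokens to a third address."""
    approved = set()  # (owner, spender, token) approvals seen so far
    hits = []
    for e in sorted(events, key=lambda ev: ev["t"]):
        if e["kind"] == "approval":
            approved.add((e["owner"], e["spender"], e["token"]))
        elif e["kind"] == "transfer_from":
            op, src, dst = e["operator"], e["src"], e["dst"]
            if op in allowlist or (src, op, e["token"]) not in approved:
                continue
            if dst not in (op, src):  # funds leave to a wallet other than the spender
                hits.append(e)
    return hits


def consolidation_candidates(hits, min_victims=2):
    """Group suspected drains by destination; keep destinations fed by several victims."""
    victims, total = defaultdict(set), defaultdict(int)
    for e in hits:
        victims[e["dst"]].add(e["src"])
        total[e["dst"]] += e["amount"]
    return {d: {"victims": sorted(v), "amount": total[d]}
            for d, v in victims.items() if len(v) >= min_victims}


if __name__ == "__main__":
    print(consolidation_candidates(suspected_drains(EVENTS)))
```

Without the allowlist, the legitimate router transfer is also flagged as a suspected drain, so the output is a triage queue for analysts and not a verdict.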
