Crypto phishing losses surge 207% as attackers target high-value wallets

Data from blockchain security firm Scam Sniffer show signature phishing drained roughly $6.3 million from user wallets in January, a 207% increase from December even as the raw count of victims fell 11%. Attackers have shifted toward “whale hunting,” focusing on fewer but wealthier users.

Two victims accounted for nearly 65% of signature phishing losses in January, and the single largest case saw $3.02 million taken after a user signed a malicious "permit" or "increaseAllowance" function that granted indefinite access to move tokens. Address poisoning proved equally damaging: one investor lost $12.25 million after sending funds to a fraudulent vanity address that mimicked the first and last characters of a legitimate wallet, relying on victims to copy addresses from their transaction history rather than verify the full string.

signature phishing, address poisoning, whale hunting, scam sniffer, increaseallowance, permit function, vanity address, high-value wallets, phishing losses, token approvals