Here’s some encouraging news for the crypto space: Phishing-related losses actually dropped for the third month in a row during February! Scam Sniffer reports that 7,442 individuals were affected, losing around $5.32 million, but that’s a move in the right direction.

The security experts at Scam Sniffer point out that this figure is a significant 48% decrease compared to January, which saw losses of $10.25 million, and a huge drop from December 2024’s staggering $23.58 million.

They believe this positive trend suggests that crypto users are becoming more aware and proactive about security. It seems more and more people are taking steps to better protect their digital assets.

What’s more, the reduced number of incidents indicates a broader improvement. It suggests we’re seeing growing understanding of common scam tactics and better security habits spreading throughout the crypto industry.

Major phishing attacks

Looking closer at February’s attacks, the most impactful one was “address poisoning” on the Ethereum network. This is where scammers cleverly mess with transaction histories, tricking users into accidentally sending funds to their fake addresses. This sneaky method alone accounted for $771,000 in stolen assets.

Other common phishing tactics also caused significant losses. “Permit-related exploits” drained $611,000 from Ethereum users, while on the BNB Chain, users lost $610,000 due to “unrevoked approvals” – those permissions people forget to cancel. On top of that, “Increase Approval” scams stole another $326,000 from Ethereum wallets.

In one particularly striking example, a victim suffered a massive $607,000 loss because of a phishing approval they’d unknowingly signed *over a year ago*!

This really highlights the importance of regularly revoking old and unnecessary approvals. Scam Sniffer analysts strongly advise users to do this when network fees are low to minimize their vulnerability to these kinds of attacks.

Sophisticated phishing schemes

Even with the overall decline in losses, it’s crucial to remember that scammers are constantly adapting and refining their techniques.

Scam Sniffer has issued a warning about a new, crafty scheme spreading through Telegram. Attackers are now luring users into entering verification codes, which allows them to hijack Telegram accounts.

Here’s how this Telegram scam typically unfolds, according to Scam Sniffer:

• First, scammers send a message, often pretending to be Telegram support, urging you to “verify” or fix a supposed issue with your account.
• Next, they’ll ask you to enter a login or verification code – crucial, *do not do this*.
• This code gives them access: they instantly steal your session information.
• Suddenly, you’re locked out – you lose control of your Telegram account.
• Once they’re in, they can do real damage, potentially searching for private keys or, even worse, impersonating you to trick your contacts.

Scam Sniffer emphasizes that these Telegram tactics are becoming increasingly widespread, particularly the use of fake “security alert” messages designed to panic and manipulate users.