November Phishing Scams Cost 9.2K Victims Over $9M: Report

Last updated:

Journalist

Hassan Shittu

Journalist

Hassan Shittu

About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in…

Last updated:

Why Trust Cryptonews

For over a decade, Cryptonews has covered the cryptocurrency industry, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas – from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships.

According to a report by blockchain security firm ScamSniffer, the crypto landscape witnessed another wave of phishing scams in November, resulting in a total loss of $9.38 million and impacting over 9,200 victims.

Although the total amount stolen marked a 53% decline from October’s staggering $20.2 million.

The report highlighted one particularly devastating incident in which an individual lost $661,000 worth of stETH (staked Ethereum) in just minutes.

The losses occurred amid a backdrop of evolving scam tactics, with malicious actors leveraging increasingly sophisticated methods to exploit unsuspecting users.

Source: X / @realScamSniffer

November Phishing Scams: How Bad Was It?

The November scams were marked by a recurring pattern of malicious signature requests, which proved to be the most potent tool in the attackers’ arsenal.

Victims unknowingly authorized transactions that drained their wallets entirely, leading to notable losses such as $409,000 in WBTC on the Arbitrum network and $344,000 in FET through Ethereum’s Uniswap platform.

Another $220,000 in USDT was lost through a direct transfer.

Source: X / @realScamSniffer

ScamSniffer emphasized that malicious signature requests remain the most effective weapon for phishing scammers.

A significant development in November was the emergence of a new phishing method dubbed “Angel Drainer,” which rose to prominence following the exit of the notorious Inferno Drainer operation.

As Scam Sniffer called it, this evolution is likened to a hydra—cutting off one head simply results in another emerging.

While the total amount stolen in November was lower than in previous months, the number of victims remained alarmingly high.

Source: X / @realScamSniffer

This aligns with broader findings from blockchain security firms like CertiK, which reported that phishing accounted for $343.1 million in losses across 65 incidents in Q3 2024 alone.

The use of fake accounts on social media platforms and deceptive Google ads were among the most common tactics employed to lure victims to phishing websites.

Raising Awareness: DeFi Security at Risk

The crypto community faces an uphill battle to curb the prevalence of phishing scams as attackers continue to refine their strategies.

ScamSniffer’s report urged users to remain vigilant, stressing that one misplaced signature could lead to devastating financial losses.

In response to these threats, the firm has urged users to use tracking agencies like MistTrack to monitor suspicious transactions and flag potentially malicious activities in real-time.

Educational efforts are also becoming more prominent, as projects aim to equip users with the tools and knowledge necessary to avoid phishing traps.

ScamSniffer has recommended a combination of best practices, including verifying every signature request and avoiding impulsive actions during transactions.

Furthermore, developing anti-scam-enhanced wallets and browser extensions tailored to detect and block phishing attempts has become a key focus area for blockchain developers.

Notably, November saw not only phishing attacks. XT.com, a Seychelles-based cryptocurrency exchange, reported a suspected $1.7 million hack.

While the exchange initially attributed the suspension to “wallet upgrade and maintenance,” blockchain security firm PeckShield alleged that the platform lost 461.58 Ether (ETH) in a hacking incident.

Similarly, Crypto casino platform Metawin suffered a $4 million hack on November 3, targeting its Ethereum and Solana hot wallets.

The attacker exploited Metawin’s “frictionless withdrawal system,” prompting the platform to halt withdrawals while temporarily securing its systems.

So far, December started with the same trend. On December 1, Clipper, a decentralized exchange, experienced a $450,000 hack due to a vulnerability in its withdrawal function.

This affected two liquidity pools and locked approximately 6% of its total value.