As 2023 draws to a close, Chainalysis, the blockchain data company, has revealed the results of its research on ‘approval phishing’ scams through the past year. The technique, in which scammers trick their targets into signing a malicious blockchain transaction that allows them to spend specific tokens inside the victim’s wallet, enabled crypto criminals to steal at least US$374 million through 2023.
While this figure is substantial, it represents a 27% drop-off from the estimated US$516.8 million that attackers stole using this type of scam in 2022.
Chainalysis believes the success of approval phishing can be attributed to the fact that many decentralised apps (dApps) on smart contract-enabled blockchains, like Ethereum, require users to sign approval transactions to give the dApps’ smart contracts permission to move funds held by the user’s address.
“While approvals granted to secure dApps are generally safe, approval phishers can take advantage of the fact that many crypto users are used to signing approval transactions. The key difference is in what permissions are given, and the trustworthiness of the party receiving that permission,” Eric Jardine, Cybercrime Research Lead at Chainalysis, explained.
Research also suggests that approval phishers are now more frequently targeting specific victims, building relationships with them and using tactics associated with romance scams to convince their targets to sign approval transactions.
This also raises concerns that the volume of funds scammed via approval phishing could be significantly higher than the US$1 billion that Chainalysis has tracked since May 2021, given that romance scams are notoriously personalised, difficult to verify on-chain, and underreported.
Interestingly, like many forms of cryptocurrency-based crime, the vast majority of approval phishing theft is driven by a few highly successful actors. Of the 1,013 addresses that Chainalysis identified as being involved in this type of scam, it appears the single most successful approval phishing address alone likely stole US$44.3 million from thousands of victim addresses, representing 4.4% of the total estimated stolen during the time studied.
The ten largest approval phishing addresses combined accounted for 15.9% of all value stolen, while the 73 biggest, account for half of all value stolen over the period examined.
Commenting on ways in which the crypto industry can address the approval phishing scam problem, Chainalysis highlighted the need for user education, and the employment of pattern recognition tactics.
“Given that these scammers typically cash out using centralised exchanges, compliance teams at these service providers could monitor the blockchain for suspected approval phishing consolidation wallets with heavy exposure to destination addresses. They could then see in real-time when those wallets move funds to their platform, and then could take steps such as automatically freezing the funds or reporting to law enforcement,” said Jardine.