Security expert and SlowMist founder Yu Xian said the phishing incidents of the first half of the year showed that the profit margin of these malicious attacks was profitable. He added:

“There are 20 large accounts that have been phished for more than one million US dollars. Most of them are caused by the offline authorization signature of permit being phished away.”

20 people lost over $1 Million each

The report reveals that around 260,000 victims lost $314 million across all Ethereum Virtual Machine (EVM)-compatible chains between January and June 2024. Among these, the top 20 victims lost over $1 million each, totaling $58 million. Notably, most of these users fell victim to several signature permits.

The report stated:

“In the Top 20 victim’s case, most of the thefts of all ERC20 tokens were due to signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2.”

During the period, the most significant losses were incurred by one user who lost $11 million, making them the second-largest individual theft victim in history. Following a permit signature phishing attack, the user lost $11 million worth of aEthMKR and Pendle USDe tokens.

The report also disclosed that most large thefts involved staking, restaking, Aave Collateral, and Pendle tokens. By asset category, Pendle-related thefts accounted for 23.6%, followed by restaking assets at 19.5%. Aave Collateral and staking thefts stood at 18% and approximately 8%, respectively.

Phishing attack tactics

Scam Sniffer stated that most phishing attacks were caused by impersonator accounts on X, formerly Twitter. The victims were lured to phishing websites via phishing comments on the platform.

It explained:

“From Mist-Track intelligence and victim feedback, most victims were lured to phishing websites through phishing comments from impersonated Twitter accounts.”