As 2023 approaches its conclusion, Chainalysis, the blockchain data company, has unveiled the findings of its research on ‘approval phishing‘ scams throughout the past year. This technique involves scammers deceiving their targets into endorsing a malicious blockchain transaction, allowing them to spend specific tokens within the victim’s wallet. Through 2023, crypto criminals utilized this method to pilfer a minimum of US$374 million. Although this amount is significant, it marks a 27% decrease from the estimated US$516.8 million stolen through this type of scam in 2022.
Chainalysis attributes the success of approval phishing to the prevalence of decentralized apps (dApps) on smart contract-enabled blockchains, such as Ethereum. These dApps often require users to sign approval transactions, granting permission for the dApps’ smart contracts to move funds held by the user’s address. Eric Jardine, Cybercrime Research Lead at Chainalysis, notes, “While approvals granted to secure dApps are generally safe, approval phishers can take advantage of the fact that many crypto users are accustomed to signing approval transactions. The key difference lies in the permissions granted and the trustworthiness of the party receiving that permission.”
Research indicates that approval phishers are increasingly targeting specific victims, establishing relationships with them, and employing tactics associated with romance scams to persuade targets to sign approval transactions. This raises concerns that the actual volume of funds scammed through approval phishing could surpass the US$1 billion tracked by Chainalysis since May 2021, as romance scams are personalized, challenging to verify on-chain, and often underreported.
Interestingly, like many forms of cryptocurrency-based crime, a small number of highly successful actors drive the majority of approval phishing theft. Among the 1,013 addresses identified by Chainalysis in this type of scam, the most successful approval phishing address alone likely stole US$44.3 million from thousands of victim addresses, constituting 4.4% of the total estimated stolen during the study period. The ten largest approval phishing addresses collectively accounted for 15.9% of all value stolen, while the 73 biggest addresses represented half of all value stolen during the examined period.
Addressing the approval phishing scam issue, Chainalysis emphasizes the importance of user education and the use of pattern recognition tactics. Jardine suggests that compliance teams at centralized exchanges, where scammers typically cash out, could monitor the blockchain for suspected approval phishing consolidation wallets heavily connected to destination addresses. This proactive approach would enable them to identify and respond to suspicious movements of funds in real-time, potentially freezing the funds or reporting to law enforcement. Additionally, Jardine advocates for industry-wide efforts to educate users not to sign approval transactions unless they fully trust the person or company on the other side or understand the level of access they are granting.
