Crypto Phishing Scams Drain $5.29M in April—Attackers Get Creative
Crypto users got schooled in ‘don’t click that’ last month—phishers diversified their playbook and walked off with $5.29 million. From fake airdrops to impersonated customer support, the scams are getting slicker while exchanges keep cashing fees for ‘security features.’
Here’s the breakdown: BNB Chain took the heaviest hit (naturally), but Ethereum and Solana wallets got cleaned out too. Attackers are now bypassing 2FA with frightening ease—turns out your Trezor won’t save you from your own stupidity.
The kicker? Half these thefts could’ve been prevented if people stopped trusting DMs from ‘Binance Support.’ But hey, Darwinism works in crypto too—just ask the guys who lost their seed phrases to a .xyz domain last Tuesday.

Other users also lost significant amounts after signing phishing signatures. These include a user, 0xc1e4260cb, who lost $666,414 to a multipermit phishing signature, and 0x7C930969FCF, who lost $234,000.
Meanwhile, the second-biggest attack last month cost one user $700,000 after they copied the wrong address. Address poisoning has ranked as one of the leading causes of phishing scam losses this year, and it appears that this will continue.
In this particular case, the victim copied a fake address that shared the same first six characters with the legitimate address, while the last four characters were the same apart from letter case.
Unsurprisingly, there were other significant losses due to address poisoning. In one case, another user lost $150,000 because they copied the wrong address, while 0xEFc4f1d5 also sent $467,175 to the wrong address for the same reason.
Nevertheless, April is the month with the lowest crypto phishing losses this year, other than February, which had $5.32 million in losses.
Scammers are devising new ways to attack users
Meanwhile, April also saw scammers rely heavily on various means to target users. ScamSniffer identified fake “Solscan” ads on Google Search results as phishing links, noting that the spoof site was the leading search result on Google when a user searched for Solscan.
It noted:
“These phishing ads are designed to drain your wallet through malicious transaction signatures.”
While the URLs for the phishing link and the authentic page appear to be the same, clicking on the link actually redirects users to Solscaan.com. Google has removed the ad.
Interestingly, fake Google ads are not the only means through which attackers are trying to exploit users. Ethereum Name Service lead developer Nick Johnson also identified another email phishing attack that targets Google accounts, with scammers deploying fake login pages using Google Sites for credibility.
With scammers relying on various techniques to target crypto users, security analysts continue to highlight how individuals can protect themselves against such attacks by identifying when they are being phished.
ScamSniffer shared infographics on its page showing the various ways that scammers can initiate these attacks using Twitter, Discord, airdrop, scam adverts, and software compromise. It also identified all the popular phishing signatures that users can unknowingly sign and lose their assets.
Meanwhile, Revoke Cash also posted necessary precautions for users to avoid address poisoning. These precautions include double-checking all the addresses before executing a transaction, not copying addresses from the transaction histories, and using wallets that support bookmarks or whitelisting.
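The look-alike pattern described above (same first six characters, last four identical apart from letter case) can be checked mechanically against a saved address book before sending. The following is an added example, not code from ScamSniffer or Revoke Cash; the address book, its label and all addresses are constructed, and the 6/4 comparison lengths are taken from the incident described in this article.

```python
from __future__ import annotations
import re

PREFIX_LEN, SUFFIX_LEN = 6, 4  # characters compared, per the incident above
_ADDR = re.compile(r"0[xX][0-9a-fA-F]{40}")

def _body(addr: str) -> str:
    """Return the 40 hex characters of an EVM address, lower-cased."""
    addr = addr.strip()
    if not _ADDR.fullmatch(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()

def classify(dest: str, book: dict[str, str]) -> tuple[str, str | None]:
    """Return ('trusted' | 'lookalike' | 'unknown', matching label or None)."""
    d = _body(dest)
    saved = {label: _body(a) for label, a in book.items()}
    for label, s in saved.items():
        if s == d:  # exact match, ignoring letter case
            return "trusted", label
    for label, s in saved.items():
        # Same visible head and tail but a different middle: poisoning pattern.
        if s[:PREFIX_LEN] == d[:PREFIX_LEN] and s[-SUFFIX_LEN:] == d[-SUFFIX_LEN:]:
            return "lookalike", label
    return "unknown", None

# Constructed sample data (not real addresses from the incidents above).
SAVED = "0x" + "A1b2C3" + "d4e5f60718293a4b5c6d7e8f9a0b1c" + "9F3e"
POISON = "0x" + "A1b2C3" + "00112233445566778899aabbccddee" + "9f3E"
OTHER = "0x" + "1234567890abcdef" * 2 + "12345678"
BOOK = {"exchange deposit": SAVED}

if __name__ == "__main__":
    for name, addr in [("saved", SAVED), ("poisoned", POISON), ("other", OTHER)]:
        verdict, label = classify(addr, BOOK)
        print(f"{name:9} {addr} -> {verdict} ({label})")
```

A "lookalike" verdict is the case to block outright: the destination is not in the address book but would pass a glance at its first and last characters.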
$364 million lost to crypto hacks in April
Meanwhile, the over $5 million lost in phishing scams only accounts for a small percentage of the total crypto losses in April. According to blockchain security firm CertiK, a total of $364 million was lost to hacks and scams in April.
One incident was responsible for $336 million of the losses, and it involved a social engineering attack resulting in the theft of 3,520 Bitcoins from one individual who had been holding the asset since 2017. On-chain sleuth ZachXBT confirmed that the victim was an elderly individual in the US.
CertiK categorized this attack as phishing. By their metric, the loss from the incident, along with the $1.36 million lost to address poisoning, meant that the phishing category saw a total of $337 million in losses in April.
Beyond this attack, hackers also exploited decentralized exchange KiloEX for $7.5 million, drained $5.8 million from Loopscale, and stole $5.5 million from the ZKSync airdrop contract. Bitcoin Mission and Term Labs also lost $2 million and $1.57 million, respectively.