Scammers Who Trick Users Into Signing Malicious Transactions Have Netted At Least $1B Since 2021, Chainalysis Says

A type of cryptocurrency scam that involves tricking people into signing malicious transaction requests has netted at least $1 billion since May of 2021, according to blockchain forensics firm Chainalysis.

The scam is known as approval phishing because it relies on the innocent user unknowingly granting permission to the funds in their wallet. A related type of thievery known by the delightful name of pig butchering is increasingly using approval phishing techniques to steal money, Chainalysis said. Pig butchering involves scammers building up a personal – and often romantic – relationship with the victim as a way to take funds.

The amount of approval phishing has fallen this year to $374.6 million through November compared with $516.8 million in 2022, according to Chainalysis. As the firm usually does, it offers the caveat that it’s numbers are probably much less than what is actually being stolen because romance scams are underreported and they are starting with a limited set of blockchain addresses known to be involved in the fraud.

Any user of blockchain will know the sheer number of transactions that need to be approved – some involving the movement of funds or others that simply allow you to connect your wallet to a decentralized application. It becomes almost second nature to approve such transactions, and that’s what approval phishers rely on, because the permission they are sending to their victims involves the ability to move funds out of the victim’s wallet.

“For instance, one approval phishing scam saw fraudsters promote a bogus story of a Uniswap approval phishing scam, and set up a fake Etherscan page where users could check their transaction approvals by connecting their wallets and signing an approval transaction to see if they’d fallen victim — that last transaction was the core of the actual approval phishing scam,” Chainalysis said in its report.

A relatively small number of scammer addresses are involved in approval phishing, according to Chainalysis. “The most successful  approval phishing address likely stole $44.3 million from thousands of  victim addresses, representing 4.4% of the total estimated stolen during the time period studied,” the firm said. “The ten largest approval phishing addresses combined account for 15.9% of all value stolen during the time period studied, while the 73 biggest account for half of all value stolen.”

To combat the trend, Chainalysis recommended user education about how this type of fraud works and for exchanges to use pattern recognition to uncover likely scammer addresses.

 “Exchange compliance teams could monitor the blockchain for suspected approval phishing consolidation wallets with heavy exposure to destination addresses,” Chainalysis said. “They could then see in real time when those wallets move funds to their platform, and then could take steps such as automatically freezing the funds or reporting to law enforcement. More broadly, the industry can work to educate users not to sign approval transactions unless they’re absolutely sure they trust the person or company on the other side, or understand the level of access they’re granting.”