X, previously known as Twitter, continues to be a hotspot for phishing scams, with fake accounts leading users to phishing sites and causing $47M in crypto losses.
For more than ten years, X has attracted scammers who constantly refine their methods to deceive users. The issue lies with victims being misled by fraudulent X accounts, directing them to harmful phishing websites.
Phishing Scams Rampant on X
The Scam Sniffer’s February report reveals that a large number of users were tricked into scams through X by fake comments, leading to significant financial losses.
Around 57,000 people were victims of crypto phishing scams, totaling losses of approximately $47 million. This represents a 75% reduction in the number of people losing over $1 million from the month prior.
The Ethereum mainnet saw the largest share of these thefts, accounting for 78%, with ERC20 tokens being the main target, comprising 86% of the total stolen funds. These thefts were mainly conducted using phishing techniques like Permit, IncreaseAllowance, and Uniswap Permit2.
The use of Safe or Account Abstraction wallets by Wallet Drainers as token approval mechanisms has made the phishing problem worse.
These findings align with SlowMist’s research, which pointed out the role of deceptive comments on X in facilitating thefts, especially under posts from well-known projects. Around 80% of such comments were found to be from phishing scam accounts.
Crypto Scams Through X Ads
Despite Elon Musk’s commitment to fighting bots, the platform has seen little improvement post-takeover. Reports indicate an increase in the use of X ads by cybercriminals to spread scams like crypto drainers and fake airdrops.
X’s revenue fell 22% in 2023 to $3.4 billion, mainly due to a sharp decline in ad revenue over two years. Despite attempts to offset these losses with subscription and data licensing revenue, the efforts have not been fruitful.