January saw a 56% decline in phishing scam losses compared to December 2024, with victims losing $10.25 million.
Telegram “Fake Safeguard” scams surged 2,000%, alongside fake Phantom wallet popups targeting Solana users.
ScamSniffer warns against “recovery experts” promising full refunds, as they are often exit scammers.
A blockchain security firm, ScamSniffer, has that 9,220 victims lost a total of $10.25 million to cryptocurrency phishing scams in January alone. According to the report released on their X page, this was a sharp decline from December 2024, when losses reached $23.58 million – a 56% drop.
One of the biggest individual losses reported was $1 million stolen through Uniswap’s Permit2 feature, which scammers likely used to gain unauthorized transaction approvals. Another victim lost $549,000 in a direct transfer, possibly falling for a scam that tricked them into sending funds. Additionally, $471,000 was stolen through transaction simulation spoofing, a method where fake transactions are made to look real to deceive users.
Malware-Based Attacks Surge, Targeting Telegram and Solana Users
Despite the decrease in financial losses, the report warned that malware attacks are becoming a growing concern. Bad actors are shifting to new techniques that exploit vulnerabilities in crypto transactions and wallets.
The rise in malware-related scams is particularly alarming. ScamSniffer noted a 2,000% increase in Telegram-based “Fake Safeguard” scams since November, a scheme that tricks users into installing malicious software. Solana users are also being targeted through fake Phantom wallet popups, which attempt to steal their seed phrases – the private keys that grant access to their crypto funds.
Social Engineering Scams Continue to Exploit Coinbase Users
Although fewer funds were stolen compared to the previous month, the shift toward malware-based attacks suggests that crypto users must remain vigilant. ZachXBT, a blockchain security investigator, recently that users have lost more than $300 million annually to social engineering scams.
Between December 2024 and January 2025, at least $65 million was stolen from victims. However, the actual figure could be much higher, as ZachXBT mentioned that their data was limited to messages from affected users and activity. The fraudulent scheme typically begins with a phone call from a spoofed number, making it appear as if Coinbase itself is contacting the victim. Using stolen personal information, the scammer convinces the target that their account has experienced unauthorized login attempts. To “secure” the account, the victim is directed to a fake Coinbase website – an almost exact copy of the real platform.
On December 10, ScamSniffer an increase in X impersonation scams, with fake crypto accounts rising to more than 300 per day. As a precaution, users are warned to remove wallet permissions if they have used suspicious sites to protect their funds. They are also advised to seek help only from legitimate recovery services but cautioned against so-called “recovery experts” who guarantee full refunds. These individuals are often scammers themselves, aiming to deceive victims again.
“Avoid ‘recovery experts’ promising 100% returns – they’re exit scammers!” ScamSniffer .