Scam Sniffer highlights several trends seen in 2024, including the use of fake CAPTCHA and Cloudflare pages, the use of IPFS to avoid detection, and a shift in the signature types used to facilitate theft of funds.
Specifically, most thefts relied on a ‘Permit’ (56.7%) or ‘setOwner’ (31.9%) signature to drain funds.
The first signature approves token spending under the EIP-2612 standard, while the second updates smart contract ownership or administrative rights.
Another important trend is the increasing use of Google and Twitter ads as a source of traffic to phishing websites. The attackers used hacked accounts, bots, and fake token airdrops to achieve their goals.
To protect yourself from Web3 attacks, it is recommended to only interact with trusted and verified websites, double-check URLs against official project websites, read transaction approval prompts and permission requests before signing, and simulate transactions before actually carrying them out.
Many wallets also offer built-in warnings for phishing or malicious transactions, so make sure that feature is enabled. Finally, use a token revocation tool to ensure no suspicious permissions are active.
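
As an added illustration (not taken from Scam Sniffer's report or from any wallet's code), the following check shows how a signing request can be recognised as an EIP-2612 Permit and which fields are worth reading before approving it. The function name, the `trustedSpenders` allowlist, the one-day deadline threshold and the warning labels are assumptions, and the sample request is constructed.

```javascript
// Added example: review an EIP-712 signing request for a risky EIP-2612 Permit.
const MAX_UINT256 = (1n << 256n) - 1n;
const EIP2612_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];

// trustedSpenders: hypothetical user-maintained allowlist (lowercase addresses).
// nowSeconds: current Unix time, passed in so the check is deterministic.
function reviewPermitRequest(typedData, trustedSpenders, nowSeconds) {
  const data = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  const fields = ((data.types || {}).Permit || []).map((f) => f.name);
  const isPermit = data.primaryType === "Permit" &&
    EIP2612_FIELDS.every((name) => fields.includes(name));
  if (!isPermit) return { isPermit: false, warnings: [] };

  const msg = data.message;
  const spender = String(msg.spender).toLowerCase();
  const warnings = [];
  // The spender is the account that will be allowed to move the owner's tokens.
  if (!trustedSpenders.includes(spender)) warnings.push("unknown-spender");
  // An allowance of 2^256 - 1 is effectively unlimited.
  if (BigInt(msg.value) === MAX_UINT256) warnings.push("unlimited-allowance");
  // Assumed threshold: a signature valid for more than one day is flagged.
  if (BigInt(msg.deadline) > BigInt(nowSeconds) + 86400n) warnings.push("long-deadline");
  return { isPermit: true, warnings };
}

// Constructed sample request; token name and addresses are placeholders.
const sampleRequest = {
  primaryType: "Permit",
  types: { Permit: [
    { name: "owner", type: "address" }, { name: "spender", type: "address" },
    { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" },
    { name: "deadline", type: "uint256" } ] },
  domain: { name: "ExampleToken", version: "1", chainId: 1,
    verifyingContract: "0x" + "11".repeat(20) },
  message: { owner: "0x" + "aa".repeat(20), spender: "0x" + "bb".repeat(20),
    value: "0x" + "f".repeat(64), nonce: 0, deadline: "0x" + "f".repeat(64) },
};
console.log(reviewPermitRequest(sampleRequest, [], 1735689600));
```
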