Crypto Phishing Losses Exceed $800 Million in 2024

Giggle Academy, an educational initiative launched by Binance founder Changpeng Zhao, was a victim of a cyberattack that compromised its official X account (formerly Twitter). This resulted in the distribution of phishing links and false information.

This incident comes as the emerging industry deals with the scourge of phishing attacks, which have led to substantial losses for users.

Giggle Academy’s Hack Reinforces Growing Phishing Attack Threats

On November 16, Zhao confirmed a breach on Giggle Academy’s X account and cautioned the community against interacting with the compromised account. The attackers falsely claimed a “new CEO” had been appointed and shared phishing links to lure victims into verifying this fabricated announcement.

Giggle Academy provides free online courses covering grades 1 to 12, focusing on core subjects and additional topics such as emotional intelligence, finance, and blockchain. Its mission centers on supporting underserved communities with accessible education.

The Giggle Academy breach underscores the growing phishing problem in the blockchain industry. This year alone, phishing-related losses have surpassed $800 million. Blockchain security firm CertiK attributes this surge to increasingly sophisticated techniques like wallet draining and address poisoning.

CertiK’s data reveals 247 phishing incidents recorded in 2024. The first quarter saw the highest number of attacks, with 82 cases, while Q2 and Q3 recorded 67 and 65 incidents, respectively. Q4 has already logged 33 cases, despite only being midway through.

Although Q1 experienced the most attacks, Q2 led in total losses, with over $433 million stolen. Losses in Q3 reached $343 million, while Q1 accounted for $67 million. Despite fewer incidents in Q4 so far, the monetary impact is on track to surpass early-year figures.

CertiK highlights a shift in phishing methods, with hackers increasingly employing advanced tools. Wallet-draining techniques, originally popularized by Ice Phishing, are becoming more potent. In such scams, users are tricked into granting token-spending permissions to malicious actors.

Modern variants combine these methods with additional draining tools, such as Angel Drainer and Pink Drainer. Angel Drainer’s recent acquisition of Inferno Drainer highlights the growing prevalence of such tools in phishing campaigns.

Another rising threat is address poisoning, where scammers create fake wallet addresses resembling legitimate ones. They then send scam tokens to victims, hoping to manipulate transaction histories. When users attempt to interact with a familiar address, they may accidentally transact with a fake one instead.