Scam Sniffer's 2024 mid-year phishing report reveals alarming statistics: over 260,000 victims lost $314 million on EVM chains in the first half of the year alone. Among them, 20 individuals each lost more than $1 million, with one unfortunate victim suffering an $11 million loss—the second-largest theft in history.
The report highlights that most ERC-20 token thefts stem from phishing signature approvals like Permit, IncreaseAllowance, and Uniswap Permit2. High-value thefts often involve Staking, Restaking, Aave collateral, and Pendle tokens, with victims typically lured via fake Twitter comments redirecting to phishing sites.
Phishing remains the dominant threat in blockchain security.
As a foundational gateway for user transactions, OKX Web3 Wallet prioritizes security enhancements and user education. The team recently upgraded its risk transaction interception features targeting high-frequency phishing scenarios, with plans to expand coverage for additional risk patterns.
This article explains OKX Web3 Wallet’s four newly upgraded risk interception features, their applicable scenarios, and the mechanics behind real-world theft cases—equipping you with critical safety knowledge.
1. Malicious EOA Account Authorization
The Threat
Recent incidents include:
- A user losing $217,000 on June 26 by signing phishing approvals on a fake Blast website.
- ZachXBT’s July 3 report of 6 BAYC NFTs and 40 Beans stolen (worth ~$1 million) via Fake_Phishing 187019.
- A Pendle user losing $4.69 million in PENDLEPT restaking tokens on July 24 through Permit phishing signatures.
These attacks often trick users into authorizing a hacker’s Externally Owned Account (EOA)—a user-controlled address distinct from smart contracts—through fake incentives.
Authorization Methods Exploited
- Approve: Standard ERC-20 method allowing predefined token transfers by smart contracts. Leaves visible traces in the victim’s wallet.
- Permit/Permit2: Offline signature approvals enabling token transfers without gas fees. Signatures are invisible in victims’ wallets, detectable only in attackers’ addresses.
OKX Web3 Wallet’s Defense
The wallet analyzes pending transactions, triggering alerts if an EOA address is detected as the authorization target, preventing phishing-induced losses.
2. Malicious Owner Permission Changes
The Threat
Common on chains like TRON and Solana, attackers exploit account ownership designs to seize control:
TRON’s multi-signature system includes Owner, Witness, and Active permissions. Hackers may:
- Co-opt control via multi-signature mechanisms, requiring both victim and attacker signatures for transactions.
- Transfer Owner/Active permissions outright, stripping victims of control.
OKX Web3 Wallet’s Defense
Transactions attempting permission changes are automatically blocked, halting further signatures to prevent irreversible losses.
3. Malicious Transfer Address Alterations
The Threat
Flaws in DApp contracts enable address hijacking:
- EigenLayer’s queueWithdrawal exploit: Attackers trick users into approving withdrawals to attacker-specified addresses via fake approvals masked by CREATE2 mechanisms.
OKX Web3 Wallet’s Defense
Analyzing queueWithdrawal transactions, the wallet warns users if withdrawals direct to non-user addresses on unofficial sites, mandating manual confirmation.
4. Similar-Address Transfers
The Threat
Attackers generate addresses mimicking victims’ first/last characters (e.g., matching first 4 + last 6 hex digits). Post-transfer, they send decoy transactions to pollute history logs, duping users into copying fraudulent addresses.
Notable Case: A whale lost 1,155 WBTC (~$70 million) in May 2024 after pasting a similarly structured phishing address.
OKX Web3 Wallet’s Defense
Monitoring transactions, the wallet flags similar addresses post-large transfers and blocks interactions with them. Supported on 8 chains, it also tags suspicious addresses in transaction histories.
Conclusion
The first half of 2024 saw relentless phishing campaigns via airdrop scams and compromised official accounts. Users must heighten vigilance and adopt secure platforms. OKX Web3 Wallet’s proactive interception features—covering EOA authorizations, permission changes, address manipulations, and similar-address fraud—form a robust defense matrix.
👉 Explore OKX Web3 Wallet’s security features
FAQ
Q1: How does OKX detect malicious EOA authorizations?
A: By parsing transaction data and flagging EOA-bound approvals.
Q2: Why block Owner permission changes entirely?
A: Such changes are irreversible and high-risk, warranting zero-tolerance.
Q3: Can OKX prevent all similar-address scams?
A: While not 100%, it significantly reduces risks via real-time monitoring and alerts.
Q4: Are Permit2 approvals always unsafe?
A: No—but they require extra caution as signatures are invisible to victims.
Q5: Which chains support similar-address detection?
A: Currently 8, including Ethereum and TRON, with more planned.
Q6: How often are interception rules updated?
A: Continuously, to address emerging attack vectors.
Risk Disclaimer:
This content is informational only. OKX disclaims liability for financial losses. Always verify actions and consult professionals.