Crypto Phishing Scams Claim Over $12 Million in August: Tips to Stay Safe

Phishing scams, attacks disguised as legitimate communication or websites designed to steal funds and sensitive information, cost crypto users over $12 million in August, up 72% from July, Web3 anti-scam service Scam Sniffer reported on Saturday.

Crypto phishing scams impacted 15,230 victims in August, a 67% increase from July, with the single largest loss costing one user over $3 million, according to Scam Sniffer.

The Scam Sniffer team also noted a “sharp escalation” in EIP-7702 signature scams. EIP-7702 is an Ethereum improvement proposal that allows Externally Owned Accounts to act as smart contract wallets that can execute transactions and shift funds.

Scammers and hackers exploiting this functionality drained over $5.6 million in August through three separate attacks, Scam Sniffer said.

Scams and cybersecurity exploits continue to be a problem in crypto, with over $163 million stolen in August through malicious activity. The persistent threat is a reminder for crypto users to remain vigilant and practice good anti-phishing and anti-scam security measures.

Related: Venus Protocol recovers user’s $13.5M stolen in phishing attack

Good practices for staying safe against phishing scams

Losses from crypto hacks and scams crossed $3.1 billion in the first half of 2025 amid increasingly sophisticated attack methods.

Scammers often target users by posing as legitimate and well-known cryptocurrency exchanges, either setting up fake websites with similar URL addresses to legitimate exchanges or sending fake communications to users.

These communications include emails, text messages, and even physical letters sent through the mail, designed to steal sensitive user information, including seed phrases for crypto wallets and passwords to online accounts. 

Typically, the scammers will pretend to be customer service agents from reputable exchanges, claiming that the user’s account is facing some sort of threat or cybersecurity issue and demand personal information from the user, including seed phrases.

Good practices to avoid phishing scams include checking URLs for tiny mistakes and bookmarking pages instead of using search engines or the search bar to access websites every time, verifying website links, and avoiding downloading attachments or clicking links from unknown sources. 

Phishing scams often contain misspelled words or grammatical errors, and any of these mistakes is a red flag; users should read through messages carefully to detect such errors.

Crypto and Web3 users should also use virtual private networks (VPNs) to mask their IP addresses and physical locations, never give out seed phrases or passwords, and enable two-factor authentication for sensitive online accounts.

Magazine: $55M DeFi Saver phish, copy2pwn hijacks your clipboard: Crypto Sec