Overview
Blockchain security firm Scam Sniffer reported a dramatic 207% increase in signature‑phishing losses in January 2026, with $6.27 million stolen from 4,741 victims.
What Is Signature Phishing?
Attackers lure users to malicious dApps that request off‑chain signatures. The seemingly harmless prompts (e.g., approve a token deposit or list an NFT) actually grant unlimited token‑spending rights, enabling later wallet drains.
January 2026 Spike
The surge contrasts with a broader decline in crypto phishing: total 2025 losses fell 83% to $83.85 million across 106,106 victims.
- 4,741 wallets hit – up 207% from December.
- $6.27 million stolen – 65% of the total loss came from just two wallets.
- Largest single loss: $12.25 million from a copied address mistake.
Why Are Attacks Growing?
Ethereum’s recent Fusaka upgrade slashed transaction fees, making low‑cost “dust” or address‑poisoning attacks economically viable.
- New address creation spiked 170% in a single week (2.7 million new addresses).
- Two‑thirds of these new addresses received < $1 in stablecoins, a hallmark of mass‑poisoning campaigns.
Other Common Tactics
- Address Poisoning: Tiny “dust” transactions to look‑alike addresses, tricking users who copy‑paste from history.
- Permit & IncreaseAllowance Scams: Malicious contracts gain token‑spending approvals, as seen in a $3.02 million SLV/XAUt attack.
Mitigation Strategies
Wallet providers and users can reduce risk by:
- Always reviewing the exact address and amount before confirming a transaction.
- Verifying the purpose of any signature request, especially for token approvals.
- Enabling built‑in anti‑phishing warnings and transaction‑simulation features.
- Using hardware wallets for high‑value assets.
Looking Ahead
As long as Ethereum fees remain low, attackers will continue to exploit cheap, high‑volume tactics. Ongoing education, smarter wallet UX, and on‑chain analytics are essential to curb future losses.