Blockchain security researchers warned on Saturday that phishing attacks draining Ethereum wallets were accelerating, days after a victim lost close to $1m through a malicious transaction signature.
The latest incident involved a victim approving a fraudulent signature that granted attackers access to their holdings. Security firms including PeckShield and Scam Sniffer have documented similar approval-based exploits that bypass conventional wallet safeguards by tricking users into authorising transfers.
The attacks coincided with heightened trading interest in Ethereum, as institutional accumulation continued. BitMine, a corporate holder, was reported to be nearing 5% of circulating ETH supply, drawing new participants and, according to researchers, more opportunistic fraud.
Signature-phishing campaigns often spread through fake airdrop pages and compromised social media accounts, according to Scam Sniffer. The firm urged holders to revoke unused token approvals and verify transaction details before signing, warning that hardware wallets alone do not prevent authorisation-based theft.
The warnings highlight persistent security gaps in decentralised finance even as regulators in the United States and European Union tighten oversight of crypto platforms. Industry groups have called for wider adoption of transaction-simulation tools that show users the true effect of a signature before approval.