The number of victims of signature phishing attacks in January 2026 surged by 207% compared to December, with a total of 4,700 wallets compromised and losses amounting to $6.27 million. Signature phishing attacks involve attackers luring users into signing off-chain messages on malicious decentralized applications (dApps). Though these requests appear harmless, they may actually grant attackers unlimited token spending authority or permission to transfer non-fungible tokens (NFTs), enabling them to drain victims’ wallets.
Researchers noted that Ethereum’s Fusaka upgrade significantly reduced transaction fees, making attack vectors such as address poisoning more attractive. Blockchain researcher Andrey Sergeenkov discovered that new address creation spiked last month—2.7 million new addresses were generated within one week, approximately 170% higher than normal levels.
This surge in on-chain activity can facilitate attacker reconnaissance and rapid deployment of phishing campaigns. As attackers continue to refine social engineering and on-ramp techniques, users and services alike must boost verification and wallet-safety protocols to mitigate these high-stakes risks.
Leave a Reply