Phishing scams stole around $300 million worth of cryptocurrencies from 320,000 investors in 2023, according to the yearly report from web3 security firm Scam Sniffer.
Phishing scams are one of the most common means of attack against the emerging industry and have resulted in the loss of millions of funds. In one incident, these scammers stole $24.23 million of liquid-staked Ethereum, including 4,851 rETH (worth $8.58 million) and 9,579 stETH ($15.63 million).
Wallet drainers reign supreme
According to the report, malicious actors leveraged wallet drainers to orchestrate these phishing attacks.
Wallet drainers are usually embedded within phishing websites, deceiving unsuspecting individuals into authorizing malicious transactions that would enable the theft of their digital assets from their cryptocurrency wallets.
ScamSniffer’s exhaustive analysis identified six prominent wallet drainer service providers, including Inferno, MS, Angel, Monkey Drainer, Venom Drainer, Pink Drainer, and Pussy Drainer.
The Inferno Drainer emerged as the top player among these scammers, facilitating the theft of $81 million from 134,000 users over nine months. The crypto wallet-draining kit operator shut operations in November 2023.
Similarly, MS Drainer and Angel Drainer capitalized on this trend, pilfering $59 million from 63,000 users and $20 million from 30,000 victims, respectively.
Another prominent player, Monkey Drainer, stole $16 million from 18,000 people. It shut operations in March last year.
These Wallet Drainer services providers earned at least $47 million from their 20% drainer fee.
Phishing scammers tactics
Scam Sniffer exposed various methods employed by the attackers, encompassing hacking attacks, organic and paid traffic strategies.
Attackers infiltrate official social media accounts of projects or manipulate their front end and libraries. Tactics such as spam mentions, comments on Twitter, fake airdrops, expired Discord links and paid adverts on Google search and Twitter drive traffic, often escaping detection compared to blatant hacking attempts.
It is imperative to note that the phishing attack method chosen hinges on the content of the victim’s wallet.
Scam Sniffer said it scanned nearly 12 million URLs during the reporting period, unearthing about 145,000 malicious URLs. Presently, the firm’s blacklist contains approximately 100,000 malicious domains, signifying the scale of the ongoing threat.
Bitcoin 2023 year in review: Analysis of BTC’s key metrics
CryptoSlate’s latest market report dives deep into Bitcoin’s performance over the past year, analyzing a range of metrics to provide a more objective and comprehensive perspective of its YTD growth.
Major Partners to Join the Upcoming Aleph Zero CTRL+Hack+ZK Hackathon
Delysium Unveils Lucy — the Operating System (OS) of the “YKILY” AI Agent Network
GameFi Project AssetClub announced adoption of BRC20-RATS for further development of the RATS community
More Stories
Arch Raises $7M Led By Multicoin Capital To Build The First Bitcoin-Native Application Platform
SolanaVM is Bringing 68 Billion Value EVM dApps to Solana, With Their EVM Compatible L2 Chain
Telos Secures $1M in Funding From Presto Labs to Develop SNARKtor-Powered L2 and SNARKtor Labs