Over the past year, fraudsters have stolen cryptocurrency worth $494 million through Wallet Drainer attacks targeting over 300,000 crypto addresses. This represents a 67% increase compared to 2023, despite the number of victims rising by only 3.7%, suggesting a significant growth in the average balances held by victims.
These findings were published by Scam Sniffer, a platform specializing in Web3 fraud prevention, which had previously reported waves of Wallet Drainer attacks affecting up to 100,000 users simultaneously.
Wallet Drainer refers to a class of phishing tools designed to steal cryptocurrency or other digital assets from users’ wallets. Attackers typically leverage fraudulent or compromised websites to carry out such schemes.
In 2024, Scam Sniffer recorded 30 major heists exceeding $1 million each, facilitated by Wallet Drainer. The most significant theft occurred early in the year, netting $55.4 million as a surge in Bitcoin prices intensified phishing activity. In the first quarter alone, $187 million was stolen.
The second quarter saw a temporary decline in activity following the shutdown of Pink Drainer, a phishing service that had previously disguised itself as journalists to compromise Discord and Twitter accounts. However, the third quarter marked a resurgence with the emergence of the Inferno service, causing $110 million in losses during August and September alone.
The final quarter of the year was comparatively subdued, accounting for just 10.3% of 2024’s total damages. During this period, Acedrainer emerged as a dominant player in the cryptodrainer market, controlling 20% of its share. Most losses (85.3%) were concentrated on the Ethereum network, amounting to approximately $152 million. Key targets included staking (40.9%) and stablecoins (33.5%).
New trends in crypto fraud became apparent in 2024, including the use of fake CAPTCHA and Cloudflare pages, as well as leveraging IPFS to bypass security measures. Attackers also evolved their use of signatures: 56.7% of attacks exploited the Permit signature, enabling token spending, while 31.9% used the setOwner signature to modify administrative rights.
To lure victims, fraudsters increasingly relied on Google Ads, Twitter advertisements, fake airdrops, and bot campaigns. Scam Sniffer also noted a rise in fake social media accounts disseminating phishing links.
To mitigate the risks of Web3 attacks, experts recommend engaging only with verified websites, cross-checking URLs on official project resources, carefully reviewing permission requests, and simulating transactions before execution. Additionally, users should enable phishing transaction alerts in their crypto wallets and utilize tools to revoke suspicious permissions.
