As a result of the churning threat landscape, new threats are always emerging while others disappear or fade into irrelevance. Wallet drainers trick their victims into signing malicious transactions in order to steal their assets. As the name implies, Wallet Drainer is a malicious malware that is used on phishing websites in order to steal crypto assets through the enticement of users to sign malicious transactions. It was estimated that such attacks would result in an average loss of about $494 million in 2024.
As part of its web3 anti-scam platform, Scam Sniffer, which has been monitoring wallet drainer activity for some time, these insights are derived. Previously, the platform has flagged attacks that have affected up to 100,000 people at the same time, and these tools are phishing tools that are intended to swindle cryptocurrency from users' wallets through fake or compromised websites, thereby stealing money from the wallets of users.
As a result of the thefts, 30 large-scale thefts involving more than $1 million were reported, with the largest single heist being worth $55.4 million. As a result of this, the number of victims increased by a whopping 6.7% compared to 2023, suggesting that victims held higher amounts on average. According to web3's anti-scam platform, Scam Sniffer, which has been tracking wallet drainer activity for some time now has reported attack waves that have affected up to 100,000 individuals at the same time.
The large-scale theft incidents in 2024 were characterized by distinct phases of fraud, phishing, and other sophisticated methods for stealing digital assets.
The purpose of wallet drainers is to trick users into connecting their wallets to suspicious websites or applications in order to steal digital assets.
The first halff of the year (January-June) saw frequent, but smaller-scale incidents, resulting in individual losses that ranged from $1-8 million. In August and September, major losses accounted for 52% of the year's total large-scale losses, with $55.48 million and $32.51 million losses respectively during August and September.
There was a significant reduction in both frequency and scale of losses during the final quarter, with individual losses typically ranging between $2-6 million, which indicated a significant improvement in market awareness of security threats.
It was announced in the second quarter of this year that a drainer service known as Pink Drainer had halted operations, previously known for impersonating journalists in phishing attacks, used to compromise Discord and Twitter accounts in the name of cryptocurrency theft, has been seen to be a drainer service. This caused a decrease in phishing activity, but the scammers gradually picked up the pace in the third quarter, with the Inferno service taking the lead in August and September by causing $110 million in losses.
The final quarter of the year was considered to be one of the quieter quarters of the year. The annual losses were only about 10.3% of the total losses recorded during 2024 as a whole. Acedrainer emerged at that time as a major player as well, claiming 20% of the drainer market, according to ScamSniffer. It was reported that a total of 90,000 victims had been identified in the second and third quarters when the losses combined ttotalled$257 million; an additional 30,000 victims had been observed in the fourth quarter, which resulted in $51 million in losses.
There were more attacks in 2024 than at the beginning of the year, but in August and September, in particular, the two largest attacks of last year were observed, at $55.48 million and $32.51 million, respectively. According to this report, Q1 was the busiest time of the year for phishing website activity, resulting in a high rate of theft.
The market adjustments made in the second half of the year, as well as the exit of major drainers such as Pink and Inferno, contributed to reduced activity levels in the second half of the year." Scam Sniffer notes.
As far as tactics were concerned, scammers became more creative during 2024.
A study by Scam Sniffer found a significant increase in the use of fake CAPTCHAs and Cloudflare pages, as well as IPFS deployments in order to evade detection. Attackers are also heavily reliant on specific signature types in order to evade detection. In 56.7% of thefts, the “Permit” signature is used to authorize token expenditure, whereas in 31.9%, the “setOwner” signature is used to change ownership rights or admin rights in smart contracts.
It was also noted that Google Adwords and Twitter ads were used by attackers to lure victims to phishing websites. Attackers manipulated compromised accounts, bots, and fake token airdrops to reel people in through these channels.
Defending Against Cryptocurrency Attacks
Currently, cryptocurrency scams are on the rise, so users need to take proactive measures to protect their assets from being harmed, as the prevalence of these scams is on the rise. It is emphasized by experts that one should only interact with vetted websites to reduce exposure to fraudulent platforms.
To prevent falling victim to phishing schemes, it is equally important that one verifies URLs meticulously before engaging in any transaction.
Additionally, users are encouraged to carefully review the transaction approval prompts in order to verify that the details presented are accurate. The ability to simulate a transaction before proceeding increases the level of security by allowing individuals to identify potential risks before investing money. This is a key recommendation that should not be overlooked as well.
In addition to these practices, it is also advisable to use the built-in wallet warnings for malicious activities.
It is common for modern wallets to provide users with alerts that can help detect suspicious behaviour, allowing them to take action before it's too late. It is also possible to remove unauthorized or suspicious permissions from wallets by using token revocation tools. In addition, as cryptocurrency adoption grows globally, there will come a rising trend towards the sophistication of scams that will accompany it.
Users must remain vigilant, and use the best practices and tools available to ensure that they navigate this evolving landscape safely and effectively in the future. In a constantly changing threat environment, it will be imperative to maintain a proactive approach to security in order to safeguard digital assets.
