As phishing scammers continue to evolve and employ more sophisticated tactics to evade security measures, a relatively new form of cryptocurrency-associated malware has seen considerable “success” in the past year.
Dubbed “Wallet Drainers,” this new malware, and Scam Sniffer’s findings about it, demand the full attention of the industry.
Cryptomalware Wars: 2023
According to a recent report from Scam Sniffer, these malicious programs are deployed on phishing websites to trick users into authorizing harmful transactions, leading to the theft of assets from their crypto wallets. Over the past year, the Web3 anti-scam platform observed that Wallet Drainers stole more than $295 million in assets from approximately 324,000 victims.
Notably, on March 11 alone, nearly $7 million was stolen, primarily due to fluctuations in USDC rates, with users falling victim to phishing sites impersonating Circle. Major thefts also occurred around March 24, when Arbitrum's Discord was compromised, coinciding with its airdrop date.
Scam Sniffer found that theft spikes strategically coincided with group-related events, such as airdrops or hacking incidents.
After ZachXBT exposed Monkey Drainer, the group announced its departure after six months of activity. Venom subsequently assumed control of a significant portion of its clientele. After that, around March, new entities such as MS, Inferno, Angel and Pink emerged. When Venom stopped operating around April, many phishing groups switched to alternative services.
The scale and pace of these activities have increased dramatically. For example, Monkey drained $16 million in six months, while Inferno Drainer surpassed that figure significantly, plundering $81 million in just nine months.
Assuming a 20% drain fee, these entities made at least $47 million from the sale of wallet drain services, according to the report.
“When analyzing the trends, it is evident that phishing activities have been continuously growing. Also, every time a Drainer leaves, a new one replaces him, as Angel appears to be the new replacement after Inferno announced his departure.”
How phishing activities start
Phishing sites attract visitors mainly through the following means:
- Hacking attacks: breaching official project Discord and Twitter accounts; attacking official project interfaces or the libraries they use
- Organic traffic: NFT or token airdrop distribution; taking over expired Discord links; spam mentions and comments on Twitter
- Paid traffic: Google search ads; Twitter Ads
While hacking attacks have widespread impact, Scam Sniffer said the community typically responds quickly, often within 10 to 50 minutes. By comparison, airdrops, organic traffic, paid advertising, and the takeover of expired Discord links are considerably less conspicuous.
Additionally, there is a more specific form of phishing that involves personal private messages.