As phishing scammers continue to evolve and employ more sophisticated tactics to evade security measures, a relatively new form of malware associated with crypto has experienced considerable “success” in the past year.
Dubbed, “Wallet Drainers,” Scam Sniffer’s discoveries regarding this new malware demand the complete attention of the industry.
Crypto Malware Wars: 2023
According to a recent report by Scam Sniffer, these malicious programs are deployed on phishing websites to deceive users into authorizing harmful transactions, leading to the theft of assets from their crypto wallets. Over the last year, the Web3 anti-scam platform observed Wallet Drainers pilfering more than $295 million in assets from approximately 324,000 victims.
Notably, on March 11 alone, almost $7 million was stolen, primarily due to fluctuations in USDC rates, with victims falling prey to phishing sites impersonating Circle. Significant thefts also occurred around March 24 when Arbitrum’s Discord was compromised, coinciding with their airdrop date.
Scam Sniffer found that the occurrence of peaks in theft strategically coincided with group-related events, such as airdrops or hacking incidents.
After Monkey Drainer was exposed by ZachXBT, they declared their exit following six months of activity. Venom subsequently assumed control of a significant portion of its clientele. Following that, new entities like MS, Inferno, Angel, and Pink emerged around March. When Venom ceased operations around April, many phishing groups shifted to alternative services.
The scale and pace of these activities have escalated dramatically. For example, Monkey drained $16 million over six months, while Inferno Drainer surpassed this significantly, looting $81 million in just nine months.
Assuming a 20% Drainer fee, these entities profited at least $47 million from the sale of wallet drainer services, as per the report.
“Analyzing the trends, it is evident that phishing activities have been continuously growing. Moreover, whenever a Drainer exits, a new one replaces them, such as Angel seems to be the new replacement after Inferno announced their exit.”
Initiating Phishing Activities
Phishing sites primarily attract visitors through various means:
- Hacking Attacks: This entails breaching the official project Discord and Twitter accounts; attacking official project frontends or utilizing libraries
- Organic Traffic: Distribution of NFT or Token airdrops; assuming control of expired Discord links; as well as spam mentions and comments on Twitter
- Paid Traffic: Google search ads; Twitter ads
While hacking attacks have a widespread impact, Scam Sniffer stated that the community typically responds swiftly, often within a 10-50 minute timeframe. Moreover, airdrops, organic traffic, paid advertising, and the takeover of Discord links are considerably less conspicuous.
Additionally, there is a more targeted form of phishing involving personal private messages.
SPECIAL OFFER (Sponsored) Binance Free $100 (Exclusive): Use this link to register and receive $100 free and 10% off fees on Binance Futures first month (terms).