Category: IT|Jan 7, 2025 | Author: Admin

Cryptocurrency wallet drainers stole $494 million in 2024

Share on

Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses.

Cryptocurrency wallet drainers stole $494 million in 2024

This marks a 67% increase over 2023 figures although the number of victims only rose by 3.7%, indicating that victims held more significant amounts on average.

 

The data comes from web3 anti-scam platform 'Scam Sniffer,' which has been tracking wallet drainer activity for a while now, previously reporting attack waves that impacted up to 100,000 people at once.

 

Wallet drainers are phishing tools specifically designed to steal cryptocurrency or other digital assets from users' wallets, often deployed on fake or compromised websites.

 

In 2024, Scam Sniffer observed 30 large-scale (above $1 million) thefts conducted via wallet drainers, with the largest single heist cashing in $55.4 million worth of cryptocurrency.

 

This occurred early in the year when Bitcoin's price hikes fueled phishing activity. In the first quarter of the year, a total of $187 million was stolen via wallet drainer attacks.

 

In the second quarter of the year, a notable drainer service named 'Pink Drainer,' previously seen impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks, announced its exit.

 

Although this caused a drop in phishing activity, the scammers started to gradually pick up the pace in the third quarter with the Inferno service taking the the lead by causing $110 million in losses in August and September combined.

 

Finally, the activity subsided in the final quarter of the year, which only accounted for about 10.3% of the total losses recorded in 2024. At that time, Acedrainer also emerged as a major player, taking 20% of the drainer market, ScamSniffer says.

 

Most of the losses (85.3%) occurred on Ethereum, amounting to $152 million while staking (40.9%) and stablecoins (33.5%) were among the most targeted.

 

Regarding trends seen in 2024, Scam Sniffer highlights the use of fake CAPTCHA and Cloudflare pages, and IPFS to evade detection, as well as a shift in signature types facilitating money theft.

 

Specifically, most thefts relied on the 'Permit' signature (56.7%) or 'setOwner' (31.9%) to drain funds. The first gives approval for token spending as per the EIP-2612 standard, while the second updates smart contract ownership or administrative rights.

 

Another noteworthy trend is the increased use of Google Ads and Twitter ads as a source of traffic to the phishing websites, with the attackers using compromised accounts, bots, and fake token airdrops to achieve their goal.

 

To protect from Web3 attacks, the recommendation is to interact only with trusted and verified websites, cross-check URLs with official project websites, read transaction approval prompts and permission requests before signing, and simulate transactions before performing them.

 

Many wallets also offer built-in warnings for phishing or malicious transactions, so make sure to enable those. Finally, use token revoking tools to ensure no suspicious permissions are active.

Sponsored Ads:

Comments:


TikTok-19-01-25.png

TikTok shuts down in the US as Trump throws the company a lifeline

Category: IT|Jan 19, 2025 | Author: Admin
Discord-18-01-25.png

Malicious PyPi package steals Discord auth tokens from devs

Category: IT|Jan 18, 2025 | Author: Admin
China_matrix-17-01-25.png

GDPR complaints filed against TikTok, Temu for sending user data to China

Category: IT|Jan 17, 2025 | Author: Admin
Fortinet-16-01-25.png

Hackers leak configs and VPN credentials for 15,000 FortiGate devices

Category: General|Jan 16, 2025 | Author: Admin
windows-blue-background-15-01-25.png

January Windows updates may fail if Citrix SRA is installed

Category: Microsoft|Jan 15, 2025 | Author: Admin
nominet-14-01-25.png

UK domain registry Nominet confirms breach via Ivanti zero-day

Category: IT|Jan 14, 2025 | Author: Admin
back-13-01-25.png

Phishing texts trick Apple iMessage users into disabling protection

Category: Apple|Jan 13, 2025 | Author: Admin
church-12-01-25.png

Pastor who saw crypto project in his "dream" indicted for fraud

Category: IT|Jan 12, 2025 | Author: Admin
LDAPNightmare-11-01-25.png

Fake LDAPNightmware exploit on GitHub spreads infostealer malware

Category: IT|Jan 11, 2025 | Author: Admin
Outlook-for-Windows-10-01-25.png

Microsoft to force install new Outlook on Windows 10 PCs in February

Category: Microsoft|Jan 10, 2025 | Author: Admin
proton-mail-header-09-01-25.png

Proton Mail still down as Proton recovers from worldwide outage

Category: IT|Jan 9, 2025 | Author: Admin
backdoror-web-shells-08-01-25.png

Over 4,000 backdoors hijacked by registering expired domains

Category: IT|Jan 8, 2025 | Author: Admin
cryptocurrency.png

Cryptocurrency wallet drainers stole $494 million in 2024

Category: IT|Jan 7, 2025 | Author: Admin
google-06-01-25.png

Google Chrome is making it easier to share specific parts of long PDFs

Category: Google|Jan 6, 2025 | Author: Admin
email-server-05-01-25.png

Over 3 million mail servers without encryption exposed to sniffing attacks

Category: IT|Jan 5, 2025 | Author: Admin
more