Did you know $494 Million Worth of Cryptocurrency Has Been Scammed from Wallet Drainer Attacks in 2024

 

According to data from Scam Sniffer, a web3 anti scam platform, a total of $494 million of cryptocurrency has been scammed from wallet drainer attacks in 2024, which is a 67% increase from 2023. 300,000 wallet addresses had been targeted in 2024, but there was only a 3.7% increase in victims which means that victims had more amounts in their wallets than last year. Scam Sniffer has been collecting data on wallet drainer activity and they also found that previous attacks affected 100,000 people at the same time. Wallet drainers are malicious tools often used to exploit fake or compromised websites, targeting users to steal cryptocurrency and other digital assets. In 2024, 30 of the large scale wallet drainer attacks had been reported which took more than $1 million from each wallet, with the largest attack reported was worth $55.4 million.

 In Q1 of 2024, scammers stole $187 million of cryptocurrency from wallet drainer attacks and most of the major attacks were also done in this quarter because Bitcoin’s price got hiked. In Q2 of 2024, a notable wallet draining service called Pink Drainer announced that it is going to stop working. This service used to impersonate journalists and did most of the crypto stealing attacks on Twitter and Discord. Even though Pink Drainer being out of service decreased some phishing activity, most of the scammers moved to Inferno which helped them with their phishing activity. In August and September, Inferno was the cause of $110 million crypto losses.

In Q4 of 2024, the wallet drainer attacks decreased a bit with only 10.3% of the losses of 2024 being reported in this quarter. Another wallet draining service called Acedrainer emerged which was the reason for 20% of the attacks. Ethereum was the cause of most of the losses in 2024 (85.3%), with $152 million losses. The services which were the most targeted were stablecoins (33.5%) and staking (40.9%). Scammers used Cloudflare pages, CAPTCHA and IPFS for the attacks, with most of them using setOwner (31.9%) and Permit signature (56.7%) too.

Attackers are also getting traffic to their phishing websites through Twitter and Google ads and they are using a lot of compromised accounts to scam the people. If you want to keep yourselves safe from web3 attacks, always choose to work with trusted websites and make sure that you have read all the permissions and transaction approval prompts. You should also enable warnings for malicious and phishing attacks that are built-in in some wallets to prevent yourselves from scammers.