By The Numbers: Crypto Users Lose $300 Million To Phishing Scams In 2023

3 January 2024

In a startling revelation by Scam Sniffer, the cryptocurrency world has been hit hard by a series of sophisticated phishing scams in 2023. The team behind the crypto security tool has reported that Wallet Drainers, a type of malware, have successfully siphoned off nearly $295 million from approximately 324,000 unsuspecting victims in the space.

These malicious software programs, predominantly found on phishing websites, trick users into authorizing harmful transactions, leading to significant asset theft from their crypto wallets.

Wallet Drainers: The New Threat in Crypto Security?

A closer examination of the data reveals a worrying trend of increasing phishing activities; each correlated with specific events in the crypto space. For instance, a significant theft of almost $7 million was reported on March 11, coinciding with fluctuations in USDC rates and an impersonation scam of Circle, the company behind the stablecoin.

Additionally, a noticeable theft spike was observed around March 24, aligning with the hacking of Arbitrum’s Discord and its airdrop date. Scam Sniffer’s report highlighted several notable Wallet Drainers, including Inferno Drainer, which alone stole $81 million from 134,000 victims, and MS Drainer, with a haul of $59 million from 63,000 victims.

The report notes the alarming scale and velocity of these operations. For example, Monkey Drainer extracted $16 million over six months, whereas Inferno Drainer looted $81 million in just nine months, as seen in the chart below. The report also sheds light on the common phishing signatures these Drainers use.

Depending on the type of assets in a victim’s wallet, various phishing methods are deployed, ranging from increased allowance to ERC20 permit signatures. The most severe cases involved victims losing millions to these sophisticated scams.

Scam Sniffer’s Analysis: Tracking Malicious Trends

Scam Sniffer has ramped up its efforts in response to this growing threat. Over the past year, the tool scanned nearly 12 million URLs, identifying close to 145,000 as malicious. Furthermore, its open-source blacklist contains nearly 100,000 dangerous domains, continuously updated to platforms like Chainabuse.

The increasing use of smart contracts by scammers, such as multicall for efficient asset transfers and CREATE2 & CREATE functions to bypass wallet security checks, marks a significant change from the previous year. This evolution underscores the need for enhanced vigilance and updated security measures in the crypto community.

Scam Sniffer’s work extends beyond just tracking and reporting. The team actively collaborates with well-known platforms, offering its services to their users. They encourage all stakeholders in the crypto ecosystem to “join the fight against phishing, emphasizing that security is a collective responsibility.”

In closing, Scam Sniffer acknowledges the support of its community:

(…) crypto phishing involves multiple parties, crypto, and non-crypto platforms. Security requires a collective effort. If you wish to enhance your product’s capabilities in this area, please contact us at [email protected].

Finally, thanks to all the supporters of Scam Sniffer! Your support is the motivation that keeps us going.

Cover image from Unsplash, chart from Tradingview

Need help?

Please use the contact form to get support.