Crypto phishing attacks drained nearly $300 million in 2023: Scam Sniffer

Quick Take

  • Some 324,000 users fell victim to crypto phishing scams in 2023, with losses totaling nearly $300 million.
  • Inferno Drainer was reportedly used to steal the most funds, draining $81 million from 134,000 victims.

Crypto phishing activities increased during 2023, with scammers using wallet drainer malware to siphon nearly $300 million from victims, according to blockchain security firm Scam Sniffer.

In a report, Scam Sniffer identified that wallet drainers stole $295.5 million in crypto assets from more than 324,000 victims over the past year — with the largest amount stolen from a single user being $24 million.

The malware is deployed on phishing websites, using services like Cloudflare to mask their actual server addresses. The sites are designed to trick users into signing malicious transactions with their crypto wallets, enabling the scammers to steal their funds.

Notably, when older wallet drainers exit the scene, others swiftly take their place — compounding the cycle of phishing activities throughout the year.

Wallet drainer trends. Image: Scam Sniffer.

The latest example came just yesterday, with Bill Lou, CEO and co-founder of security-focused crypto wallet app Nest, falling victim to a crypto phishing scam that drained 52 stETH ($125,000) from his MetaMask wallet. The attack was related to a fake airdrop guide for the new LFG token, which seeks to onboard Ethereum big fee spenders to Solana.

Phishing methods included hacking crypto projects’ front-end websites or official X and Discord accounts to generate traffic to malicious sites. Alternatives included airdrops of NFTs or tokens, spam comments on social media and paid traffic via Google search ads.

“Although hacking attacks have a broad impact, the community often reacts promptly, typically within 10-50 minutes,” Scam Sniffer wrote. “However, airdrops, organic traffic, paid advertising and taken-over Discord links are much less noticeable.”

The notorious players


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

A handful of wallet drainers dominated this illicit market in 2023, with Inferno Drainer the most “successful,” having stolen $81 million from 134,000 victims since March.

Some $7 million in crypto assets was stolen on March 11 alone, capitalizing on the panic surrounding the USDC stablecoin significantly depegging from the U.S. dollar as victims encountered phishing websites impersonating its issuer, Circle. USDC dropped to as low as $0.88 at the time, following Circle's announcement of holding $3.3 billion in reserves at the collapsed Silicon Valley Bank.

Well-known crypto drainer Monkey was used to reportedly drain $16 million in crypto funds before calling it a day in February. In a farewell message, its developer said that “all young cyber criminals should not lose themselves in the pursuit of easy money.” They told their clientele to use a rival drainer known as Venom, which was then used to steal $27 million in funds before it stopped offering services in April, according to Scam Sniffer.

NFT drainer Pink was responsible for $18 million in stolen funds since March and went on to be used for larger exploits throughout May and June, including on the Discords of Orbiter Finance, LiFi, Flare and Evmos, as well as Steve Aoki’s X account.

MS Drainer, used to steal $59 million from 63,000 victims, and Angel Drainer ($20 million from 30,000 victims) were also among the most notable wallet-draining malware used last year.

Each peak in thefts often coincided with significant crypto events, such as airdrops or security breaches, with malware service providers taking a 20% “drainer fee,” Scam Sniffer said.

Scam Sniffer claims to have scanned nearly 12 million URLs in the past year, identifying about 145,000 malicious web links. Its open-source blacklist now contains almost 100,000 malicious domains.

Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

James Hunt is a reporter at The Block, based in the UK. As the writer behind The Daily newsletter, James also keeps you up to speed on the latest crypto news every weekday. Prior to joining The Block in 2022, James spent four years as a freelance writer in the industry, contributing to both publications and crypto project content. James’ coverage spans everything from Bitcoin and Ethereum to Layer 2 scaling solutions, avant-garde DeFi protocols, evolving DAO governance structures, trending NFTs and memecoins, regulatory landscapes, crypto company deals and the immersive metaverse. You can get in touch with James on Twitter or Telegram via @humanjets or email him at [email protected].


To contact the editor of this story:
Vishal Chawla at
[email protected]