Crypto phishing attacks drained nearly $300 million in 2023: Scam Sniffer

Crypto phishing activities increased during 2023, with scammers using wallet drainer malware to siphon nearly $300 million from victims, according to blockchain security firm Scam Sniffer.

In a report, Scam Sniffer identified that wallet drainers stole $295.5 million in crypto assets from more than 324,000 victims over the past year — with the largest amount stolen from a single user being $24 million.

The malware is deployed on phishing websites, using services like Cloudflare to mask their actual server addresses. The sites are designed to trick users into signing malicious transactions with their crypto wallets, enabling the scammers to steal their funds.

Notably, when older wallet drainers exit the scene, others swiftly take their place — compounding the cycle of phishing activities throughout the year.

Wallet drainer trends. Image: Scam Sniffer.

The latest example came just yesterday, with Bill Lou, CEO and co-founder of security-focused crypto wallet app Nest, falling victim to a crypto phishing scam that drained 52 stETH ($125,000) from his MetaMask wallet. The attack was related to a fake airdrop guide for the new LFG token, which seeks to onboard Ethereum big fee spenders to Solana.

Phishing methods included hacking crypto projects’ front-end websites or official X and Discord accounts to generate traffic to malicious sites. Alternatives included airdrops of NFTs or tokens, spam comments on social media and paid traffic via Google search ads.

“Although hacking attacks have a broad impact, the community often reacts promptly, typically within 10-50 minutes,” Scam Sniffer wrote. “However, airdrops, organic traffic, paid advertising and taken-over Discord links are much less noticeable.”

The notorious players

A handful of wallet drainers dominated this illicit market in 2023, with Inferno Drainer the most “successful,” having stolen $81 million from 134,000 victims since March.

Some $7 million in crypto assets was stolen on March 11 alone, capitalizing on the panic surrounding the USDC stablecoin significantly depegging from the U.S. dollar as victims encountered phishing websites impersonating its issuer, Circle. USDC dropped to as low as $0.88 at the time, following Circle's announcement of holding $3.3 billion in reserves at the collapsed Silicon Valley Bank.

Well-known crypto drainer Monkey was used to reportedly drain $16 million in crypto funds before calling it a day in February. In a farewell message, its developer said that “all young cyber criminals should not lose themselves in the pursuit of easy money.” They told their clientele to use a rival drainer known as Venom, which was then used to steal $27 million in funds before it stopped offering services in April, according to Scam Sniffer.

NFT drainer Pink was responsible for $18 million in stolen funds since March and went on to be used for larger exploits throughout May and June, including on the Discords of Orbiter Finance, LiFi, Flare and Evmos, as well as Steve Aoki’s X account.

MS Drainer, used to steal $59 million from 63,000 victims, and Angel Drainer ($20 million from 30,000 victims) were also among the most notable wallet-draining malware used last year.

Each peak in thefts often coincided with significant crypto events, such as airdrops or security breaches, with malware service providers taking a 20% “drainer fee,” Scam Sniffer said.

Scam Sniffer claims to have scanned nearly 12 million URLs in the past year, identifying about 145,000 malicious web links. Its open-source blacklist now contains almost 100,000 malicious domains.