Cyber Crime
Scammers Steal Rs 4200 Crore in Cryptocurrency Through Wallet Drainer Attacks in 2024!
Cryptocurrency theft surged in 2024, with scammers stealing an astounding $494 million through wallet drainer attacks, according to data from web3 anti-scam platform Scam Sniffer.
This marks a staggering 67% increase in stolen funds compared to 2023, despite only a modest 3.7% rise in the number of victims, indicating that the average victim held significantly larger amounts of digital assets.
The Mechanics of Wallet Drainers
Wallet drainers are phishing tools designed to siphon cryptocurrency and digital assets from unsuspecting users. These tools are often deployed via fake or compromised websites, luring victims into granting malicious permissions.
In 2024, Scam Sniffer tracked 30 large-scale heists exceeding $1 million each, with the largest single theft amassing Rs 460 crores. This incident occurred in the first quarter, coinciding with a Bitcoin price surge that fueled phishing activity. During this period alone, scammers drainedRs 1, 552 crore from wallets.
FCRF Digital Privacy Leadership Awards: Nominate Now!
Evolving Tactics and Key Players
The year saw a shift in phishing dynamics, particularly with the exit of ‘Pink Drainer,‘ a notorious service previously linked to impersonating journalists to compromise Discord and Twitter accounts.
While phishing activity temporarily dipped in the second quarter, it rebounded in the third quarter, led by the ‘Inferno‘ service, which caused $110 million in losses in just two months.
By the year’s end, ‘Acedrainer’ emerged as a significant player, capturing 20% of the wallet drainer market. Despite a slowdown in the fourth quarter, this period still accounted for 10.3% of the year’s total losses.
Ethereum and Popular Targets
Ethereum was the most targeted blockchain, accounting for 85.3% of the losses, or $152 million. Staking assets (40.9%) and stablecoins (33.5%) were the top targets for scammers.
Nominate NOW for FCRF Excellence Awards at FutureCrime Summit 2025
Sophisticated Scams and Techniques
Scam Sniffer highlighted the use of fake CAPTCHA and Cloudflare pages, as well as IPFS-hosted phishing sites, to evade detection. Attackers also leveraged deceptive transaction signatures, with ‘Permit’ (56.7%) and ‘setOwner’ (31.9%) signatures being the most exploited.
A significant trend was the increased use of Google Ads and Twitter ads to drive traffic to phishing websites. Attackers relied on compromised accounts, bots, and fake token airdrops to deceive victims.
Protecting Against Wallet Drainer Attacks
To stay safe from such attacks, experts recommend interacting only with verified websites, cross-checking URLs, carefully reading transaction approval prompts, and simulating transactions before proceeding. Additionally, users should enable built-in wallet warnings for malicious transactions and use token revocation tools to remove suspicious permissions.
As cryptocurrency adoption grows, staying vigilant against increasingly sophisticated scams is more crucial than ever.
