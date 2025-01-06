Victims lost close to $500m from wallet drainer attacks in 2024, a 67% annual increase, according to new data from Scam Sniffers.

The security vendor’s Crypto Phishing Report 2024 is based on analysis of Ethereum Virtual Machine (EVM)-compatible chains.

The estimated $494m lost to wallet drainers in 2024 came from 332,000 wallet addresses, up just 3.7% from 2023 figures. This suggests that cybercriminals are stealing more from each victim. In fact, the largest single theft was a whopping $55.5m, the report claimed.

In total, there were 30 “large-loss cases” of over $1m, amounting to $171m in total or $5.7m on average.

Wallet (or crypto) drainers are a type of phishing tactic designed specifically to harvest not usernames and passwords, but crypto-wallet funds. Victims are often lured via phishing content distributed through compromised Discord and Twitter accounts, paid traffic, emails and private messages, and organic traffic like NFT or token airdrops.

Scam Sniffer said it observed distinct phases of malicious activity in 2024.

“The first half (January-June) saw frequent but smaller-scale incidents, with individual losses ranging from $1-8m. The peak period occurred during July-September, with major losses of $55.5m and $32.5m in August and September respectively, accounting for 52% of the year’s total large-scale losses,” it revealed.

“The final quarter showed a significant reduction in both frequency and scale, with individual losses mostly ranging from $2-6m, indicating an overall improvement in market security awareness.”

Most losses ($152m) in the year were related to Ethereum, followed by Blast ($5.9m) and Arbitrum ($3.6m).

The attack landscape also shifted over the course of the past 12 months, with the prolific Pink Drainer closing down its operations at the end of May.

The Angel Drainer’s market share declined at the end of October, while that of Inferno Drainer remained steady at 40-45%, the report added.

“Web3 security requires both tool protection and proper security awareness and habits,” Scam Sniffer said. “While enjoying Web3 innovation benefits, always prioritize security and remain vigilant. In the decentralized world, everyone is ultimately responsible for protecting their own assets.”