Scammers stole a staggering $494 million in cryptocurrency through wallet drainer attacks in 2024, targeting over 300,000 wallet addresses.

This represents a 67% increase in losses compared to 2023, even though the number of victims grew by only 3.7%. The data suggests that victims held larger amounts of digital assets on average.

The figures come from the Web3 anti-scam platform Scam Sniffer, which closely monitors wallet drainer activity. In the past, the platform reported attack waves affecting up to 100,000 individuals at a time.

What Are Wallet Drainers?

Wallet drainers are phishing tools designed to steal cryptocurrency or other digital assets from users’ wallets. These tools are often deployed on fake or compromised websites, tricking users into granting permissions that allow attackers to drain their wallets.

Major Theft Highlights in 2024

In 2024, Scam Sniffer reported 30 large-scale thefts involving wallet drainers, each exceeding $1 million. The largest single heist netted $55.4 million in cryptocurrency, occurring early in the year when Bitcoin’s rising value spurred phishing activity.

In the first quarter alone, $187 million was lost to wallet drainer attacks. In contrast, phishing activity briefly declined in the second quarter following the exit of a notable drainer service, Pink Drainer, which had previously impersonated journalists to compromise Discord and Twitter accounts for crypto theft.

Buy Me a Coffee

By the third quarter, scammers regained momentum with the emergence of the “Inferno” service, which caused $110 million in losses during August and September. The year ended with a quieter fourth quarter, accounting for only 10.3% of the total annual losses. However, a new drainer service, “Acedrainer,” rose to prominence, claiming 20% of the market share in wallet drainer activity.

READ
US Sanctions Russian and Iranian Organizations for 2024 Election Interference

Breakdown of Losses

Ethereum was the primary target, accounting for 85.3% of the losses, totaling $152 million. Staking assets (40.9%) and stablecoins (33.5%) were among the most frequently targeted digital assets.

Scam Sniffer identified several evolving tactics used by scammers in 2024:

  • Phishing Techniques: Use of fake CAPTCHA and Cloudflare pages, as well as IPFS (InterPlanetary File System), to evade detection.
  • Signature Exploits: Most thefts exploited the “Permit” signature (56.7%) or “setOwner” signature (31.9%). The “Permit” signature allows token spending without requiring the owner’s private key, while “setOwner” changes smart contract ownership or admin rights.
  • Advertising on Google and Twitter: Scammers increasingly used Google Ads and Twitter ads to lure victims, relying on compromised accounts, bots, and fake token airdrops to drive traffic to phishing sites.

Recommendations for Staying Safe

To avoid falling victim to wallet drainers and other Web3 scams, consider the following precautions:

  1. Interact Only With Trusted Websites: Verify URLs and ensure they match official project sites.
  2. Check Permissions: Carefully read transaction approval prompts and permission requests before signing.
  3. Simulate Transactions: Use tools that simulate transactions to spot potential risks.
  4. Enable Wallet Warnings: Many wallets have built-in alerts for phishing or malicious activities.
  5. Revoke Suspicious Permissions: Use token revoking tools to remove unwanted access to your wallet.

By staying vigilant and adopting these security measures, users can better protect themselves from the growing threat of wallet drainer attacks in the Web3 space.

READ
Top 12 Cybersecurity and Cyberattack Incidents of 2024