A relatively new type of virus related to cryptocurrency has seen significant “success” in the past year as phishing scammers continue to develop and use increasingly complex strategies to avoid security safeguards.
Scam Sniffer’s findings about this new malware, dubbed “Wallet Drainers,” require the industry’s full attention.
Wars of Crypto Malware: 2023
These malicious programs are used on phishing websites to trick users into accepting dangerous transactions, which results in the theft of assets from their cryptocurrency wallets, according to a recent report by Scam Sniffer. The Web3 anti-scam platform has tracked wallet drainers for the past year, as they have taken over $295 million in assets from almost 324,000 victims.
Notably, victims of phishing sites impersonating Circle lost roughly $7 million on March 11 alone, mostly as a result of changes in USDC rates. A significant number of thefts also happened on or around March 24, the day of Arbitrum's airdrop, when its Discord account was hacked.
Scam Sniffer found that peaks in theft coincided with group-related events such as airdrops and hacking incidents.
After six months of operation, Monkey Drainer announced its departure after being exposed by ZachXBT. Venom then took over a large percentage of Monkey Drainer's clientele. Around March, more entities appeared, including MS, Inferno, Angel, and Pink. After Venom stopped operating in April, many phishing groups switched to other services.
These efforts have greatly increased in scope and speed. Monkey, for instance, stole $16 million in six months, while Inferno Drainer outperformed this, taking $81 million in just nine months.
According to the research, these organizations made at least $47 million from the sale of wallet drainer services, assuming a 20% drainer fee.
Trend analysis makes clear that phishing attempts have been steadily increasing. Additionally, whenever one drainer leaves, a new one takes its place; after Inferno announced its departure, Angel appears to be the replacement.
Starting Phishing Operations
Phishing websites mainly draw users in through the following channels:
Hacking Attacks: attacks on libraries and official project frontends, and break-ins to official project Discord and Twitter accounts
Organic Traffic: distributing NFT or token airdrops, taking over broken Discord links, and spamming Twitter mentions and comments
Paid Traffic: Twitter advertisements and Google search ads
Although hacking attacks affect a large community, Scam Sniffer said that people usually react quickly, often within 10 to 50 minutes. By contrast, organic traffic, paid advertising, airdrops, and the takeover of Discord links are far less noticeable.
There is also a more focused type of phishing that uses private messages sent to individuals.