A new report from the crypto security firm Scam Sniffer paints a sobering picture of the growing threat posed by phishing scams targeting cryptocurrency investors. According to the report, phishing scams drained nearly $300 million from approximately 320,000 victims in 2023 alone.
The report provides concerning statistics about the increasing sophistication of these scams and provides details regarding the new techniques used by scammers to evade security protocols. It also profiles the activities of prominent “wallet drainers” – phishing groups using specialized malware to steal funds from crypto wallets.
$300 Million Stolen from 320,000 Victims
The headline statistic underscoring the human impact of crypto phishing is the $295.48 million collectively stolen by phishers from 324,082 victims last year. To put it into perspective, this figure means that on average, each victim lost close to $1,000.
The report warns that phishing activities steadily increased each month throughout 2023. Scam Sniffer detected evolving tactics used by scammers to trick unwitting investors into compromising wallet security.
Nearly $7 Million Stolen in One Day
While the $300 million total was amassed over 365 days, Scam Sniffer observed intensified activity around certain dates. For instance, on March 11th alone, phishing gangs made off with almost $7 million.
The report analysis attributes spikes in theft to events in the crypto community. Fluctuations in stablecoin prices led to a surge in phishing campaigns that impersonated websites like Circle to trick investors into revealing the access credentials of their crypto wallets. Hacking incidents, airdrops, and project launches also tend to spark spikes in criminal activity and wallet-draining as scammers leverage such events to lure unwary market participants.
From Monkey to Inferno – The Rise of “Wallet Drainers”
The report sheds light on the underground ecosystem of applications used to automate the procedure of extracting Cryptocurrencies from a wallet. These tools are known as “wallet drainers.” Cybercriminals employ targeted malware to drain funds from victims’ crypto wallets once they gain access and manage to clean the table in a matter of seconds once they get ahold of the wallet’s private keys and other access credentials.
One notorious wallet drainer, Monkey Drainer, operated for 6 months in August 2022 before being exposed. During that time, it was used to steal approximately $16 million from investors, the Scam Sniffer report indicates.
However, Monkey Drainer’s figures pale in comparison to its successors Inferno and MS Drainer. Both of these tools were active for only 9 months but managed to steal an eye-popping total of $140 million during the time that they were active.
Based on the typical 20% commission charged by such services, Inferno and MS Drainer likely reaped a $28 million windfall from its clientele in less than a year. Meanwhile, the report notes, that when one wallet drainer disappears, others quickly emerge to fill the gap. The report suggests that Inferno’s exit paved the way for new groups like Angel Drainer to rapidly gain traction.
Sophisticated Techniques to Ensnare Victims
To deploy phishing sites at scale, scammers employ a range of devious techniques to drive traffic, hide identities, and harvest credentials. The most popular methods include hacking official social media accounts, exploiting airdrops, and buying ads. Stolen Discord links also offer fertile ground to cyber criminals.
Phishers may also opt to engage in social engineering tactics to target their victims. For instance, scam sites impersonating brokerage, crypto projects, and crypto wallet websites are often used to trick victims into signing malicious transactions to steal reward tokens from airdrops.
Multicall contracts and dummy wallet addresses further help drainers bypass security checks and wallet blacklists during the draining stage. These developments confirm that phishing tactics are becoming more advanced, dangerous, and harder to trace.
Over 145,000 Scam Sites Detected
Analyzing the phishing infrastructure, Scam Sniffer discovered 145,000 fraudulent crypto sites in 2023 and added nearly 100,000 malicious domains to its public blacklist.
Monthly phishing site numbers increased steadily throughout the year – clearly linked to the growing ecosystem of profitable wallet drainer services. Scammers heavily utilize anonymizing services like Cloudflare to conceal infrastructure while ensnaring victims.
A Collective Defense Against Deceptive Threats is Needed
The report stresses that defending against phishing requires collective action across crypto networks and non-crypto platforms alike. As scammers exploit trust at scale, security consciousness must be embedded firmly into community culture.
Scam Sniffer says that its research and blacklist provide vital intelligence to strengthen defenses and debunk assumptions about privacy. Educating the public is critical so crypto investors have a better grasp of phishing techniques instead of seeing digital assets as easy money.
With billions in funds drained yearly, scams are a threat to the reputation of the crypto ecosystem as more and more investors are lured into scams every year.
Overall, the report delivers an urgent wake-up call. As phishers industrialize deception, the burden is on legitimate platforms to protect less-informed investors. Otherwise, scam risks can continue to alienate traditional investors from engaging in crypto investing.
Criminals Drained Over $2 Billion from Crypto Investors Last Year
To supplement Scam Sniffer’s phishing expose, recent research reports help contextualize 2023’s $300 million theft toll.
Crypto Losses Exceeded $2 Billion in 2023
According to figures from analytics firm decentralized finance (DeFi), various hacks, scams, and rug pulls bled crypto users of nearly $2 billion last year. That’s roughly half the estimated $4 billion lost in 2022 – significantly inflated by major exchange collapses like FTX.
Though reduced year-over-year, a $2 billion loss still signals dramatic systemic issues around security practices as the adoption of crypto assets expands.
Most funds were stolen from the Ethereum ecosystem in over 170 separate incidents. The largest exploit netted $230 million from cross-chain bridge Multichain.
New Phishing Tactics Ensnare US Victims
Beyond quantified losses, the “pig-butchering” crypto investment scam has recently ensnared Americans. Perpetrators groom trusting relationships using fake identities over months before requesting investment funds.
Primarily originating in Southeast Asia, pig-butchering operations reportedly use exploited labor trafficking victims to interact with prospective marks. Estimates indicate that only 15% of pig-butchering cases actually get reported.
In December, the US DOJ announced an indictment regarding $80 million stolen via pig-butchering tactics. The traceability of crypto assets has allowed authorities to recover some of the lost funds. However, broader connections to transnational organized crime make crypto scams exceptionally dangerous and difficult to prevent for law enforcement agencies.