Phishing scam ‘stole’ $300 million from cryptocurrency investors in 2023

[ad_1]

according to Report Phishing scams stole approximately $300 million worth of cryptocurrency from 320,000 investors in 2023, according to a report by web3 security firm Scam Sniffer.

*Phishing scam: A form of cyber attack in which an attacker pretends to be a reputable organization and tricks users into providing them with personal information.

Phishing scams are one of the most common attack methods that continue to cripple emerging industries, resulting in the loss of millions in cryptocurrency funds. At one point, these scammers stole $24.23 million worth of liquid staked Ethereum, including 4,851 rETH (worth approximately $8.58 million) and 9,579 stETH (worth approximately $15.63 million).

Wallet-Eating Websites Dominate the Market

Scammers use cash-out tools to stage these phishing attacks, the report said.

Withdrawal tools are often sophisticatedly embedded into phishing websites, tricking unsuspecting users into allowing malicious transactions to be made, thereby stealing digital assets from their cryptocurrency wallets.

ScamSniffer’s comprehensive analysis identified six well-known wallet emptying service providers, including Inferno, MS, Angel, Monkey Drainer, Venom Drainer, Pink Drainer, and Pussy Drainer.

Inferno Drainer is the leader of these scam sites, helping 134,000 users steal $81 million in the past nine months. The crypto wallet withdrawal kit operator ceased operations in November 2023.

Likewise, MS Drainer and Angel Drainer also took advantage of this trend, stealing $59 million and $20 million from 63,000 users and 30,000 victims respectively.

Another famous website, Monkey Drainer, stole $16 million from 18,000 users. It was closed last March.

These wallet withdrawal service providers earned at least $47 million from the 20% fee.

Phishing Scam Tactics

Scam Sniffer exposes various methods used by attackers, including hacking and organic and paid traffic tactics.

Attackers infiltrate a project’s official social media accounts or manipulate its user interface and libraries. Tactics such as spam mentions, Twitter comments, fake airdrops, expired Discord links, paid ads on Google Search, or traffic on Twitter are often harder to detect than direct hacking.

It is important to note that the phishing attack method chosen depends on the contents of the victim’s wallet.

Scam Sniffer said it scanned nearly 12 million URLs during the reporting period and detected approximately 145,000 malicious URLs. Currently, the company’s blacklist contains approximately 100,000 malicious domains, demonstrating the scale of the ongoing threat.