Crypto wallet drainers have become the scourge of cryptocurrency and Web3 over the past year. These types of malware employ clever phishing techniques to trick users into signing malicious transactions, thereby draining assets from their cryptocurrency wallets.
According to data aggregation site Scam Sniffer, wallet drainers stole close to $295 million from approximately 324,082 victims in 2023. The scale and sophistication of attacks continue to accelerate at an alarming pace.
Behind the staggering nine-figure theft statistics lies an entire shadow economy centered around selling phishing as a service to enable crypto theft. Security expert ZachXBT shone a spotlight on this phenomenon last August when he exposed one prolific wallet drainer dubbed “Monkey Drainer.” During its six-month run, Monkey Drainer managed to loot $16 million from 18,000 victims.
Yet Monkey Drainer pales in comparison with more recent wallet drainers like “Inferno Drainer.” After being active for only nine months, Inferno stole an astonishing $81 million from 134,000 victims. Assuming a typical 20% fee charged by drainers, Inferno likely pocketed over $16 million in profits for its phishing services.
And whenever one wallet drainer exits, another swiftly emerges to take its place. Inferno announced its retirement in April, but the preceding month saw replacements like “Angel Drainer” appear on the scene, defrauding 30,000 people of $20 million so far.
Numerous crypto wallet drainers emerge one after the other
Three Primary Phishing Methods
The wallet drainer ecosystem relies on three primary methods to direct victim traffic toward its phishing sites:
Hacking attacks: infiltrating official social media channels and frontends of crypto projects to broadcast fraudulent links.
Organic traffic: riding hype around airdrops and using expired Discord links and spam comments to attract unwitting visitors.
Paid traffic: buying ads on Twitter and Google to elevate phishing links in search results and timelines.
While hacking tends to prompt a quicker community response, the other tactics prove more covert and just as damaging over time.
Users should remain vigilant about crypto-related messages and exercise skepticism whenever asked to sign transactions authorizing the withdrawal of funds. Only sign messages on official project sites accessed directly by URL, not through redirects.
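A pre-signing check in the spirit of this advice, as an added example that is not part of the original article: it decodes the calldata of a pending transaction and flags the standard ERC-20/ERC-721/ERC-1155 calls that hand a third party the right to move the signer's assets. The function name, the trusted-spender allow-list and the sample address are assumptions made for illustration.

```python
# Added example: flag calldata that grants another address spending rights.
# Selectors are the first 4 bytes of keccak256 of the standard signatures.
RISKY_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 allowance or ERC-721 token approval
    "39509351": "increaseAllowance(address,uint256)",  # common ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155 operator approval
}
MAX_UINT256 = 2**256 - 1

def review_calldata(calldata_hex, trusted_spenders=frozenset()):
    """Return warnings for one transaction's calldata (hex string).

    trusted_spenders: lowercase 0x-prefixed addresses the user already trusts
    (hypothetical allow-list, maintained by the user).
    """
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return ["calldata is not valid hex; refuse to sign"]
    name = RISKY_SELECTORS.get(raw[:4].hex()) if len(raw) >= 4 else None
    if name is None:
        return []  # not an approval-type call; other checks still apply
    if len(raw) < 4 + 64:
        return [f"{name}: truncated arguments; refuse to sign"]
    spender = "0x" + raw[16:36].hex()        # address is the low 20 bytes of word 1
    value = int.from_bytes(raw[36:68], "big")  # amount, token id or bool in word 2
    if name.startswith("setApprovalForAll") and value == 0:
        return []  # approved=false revokes an operator
    warnings = []
    if spender not in trusted_spenders:
        warnings.append(f"{name}: grants rights to unrecognised address {spender}")
    if name.startswith("setApprovalForAll"):
        warnings.append("operator approval covers every token in the collection")
    elif value == MAX_UINT256:
        warnings.append("unlimited allowance requested")
    return warnings

if __name__ == "__main__":
    # Constructed sample: approve() with an unlimited amount to a made-up address.
    sample = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
    for line in review_calldata(sample):
        print("WARNING:", line)
```

The check covers on-chain calldata only; typed-data signature requests such as EIP-2612 permit need a separate review before signing.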
Following basic security hygiene remains the best defense against phishers. Yet scam innovation, perhaps inevitably, stays one step ahead, as the explosive growth of wallet draining shows.