According to an annual report by Scam Sniffer, a web security company, Phishing scammers stole about $300 million worth of cryptocurrency from 320,000 investors in 2023.

Phishing scams are among the most common ways to dishonestly mine digital assets, resulting in the loss of millions of funds. In one case, scammers stole $24.23 million on the Ethereum network, including 4,851 rETH (worth $8.58 million) and 9,579 stETH ($15.63 million).

Wallet thieves reign supreme

According to the report, attackers used wallet-draining software to orchestrate these phishing attacks.

Wallet drainers are typically embedded in phishing websites, tricking unsuspecting people into authorizing malicious transactions that will steal their digital assets from cryptocurrency wallets.

ScamSniffer identified six known wallet-draining providers, including Inferno, MS, Angel, Monkey Drainer, Venom Drainer, Pink Drainer, and Pussy Drainer. So how much did they earn?

– Inferno Drainer ranked first among these scammers, facilitating the theft of $81 million from 134,000 users in nine months.
– MS Drainer and Angel Drainer stole $59 million from 63,000 users and $20 million from 30,000 victims, respectively.
– Monkey Drainer stole $16 million from 18,000 people.
– Wallet Drainer service providers earned at least $47 million.

Phishing scam tactics

Scam Sniffer uncovered various methods attackers use, including hacking and organic and paid traffic strategies.

Attackers infiltrate projects’ official social media accounts or manipulate their front end and archives. Tactics such as spammy mentions, X (Twitter) comments, fake airdrops, expired Discord links, and paid Google search ads drive traffic, often going undetected compared to blatant hacking attempts.

Scam Sniffer said it scanned nearly 12 million URLs during the reporting period, finding about 145,000 malicious URLs. The company’s blacklist currently contains around 100,000 malicious domains, indicating the scale of the current threat.