“Wallet Drainers, a type of malware related to cryptocurrency, has achieved significant success over the past year,” the researchers write. The code is deployed on phishing websites to trick users into signing malicious transactions, thereby stealing assets from their cryptocurrency wallets. These phishing activities continue to attack ordinary users in various forms, leading to significant financial losses for many who unwittingly sign malicious transactions.
The year was marked by several major cryptocurrency thefts enabled by social engineering.
“It is worth mentioning that almost $7 million was stolen on March 11 alone,” the researchers write. “Most of it was due to fluctuations in USDC rates, as victims encountered phishing websites impersonating Circle. There were also significant thefts close to March 24, when Arbitrum’s Discord was hacked and their airdrop date is also near that. Each peak in theft is associated with group-related events. These could be airdrops or hacking incidents.”
The researchers tracked six major wallet drainers, each of which pilfered tens of millions of dollars in 2023.
“Following ZachXBT’s exposure of Monkey Drainer, they announced their departure after being active for 6 months,” the researchers write. “Venom then took over most of their clientele. Subsequently, MS, Inferno, Angel, and Pink all appeared around March. As Venom stopped services around April, most phishing gangs turned to using other services. The scale and speed have escalated alarmingly. For instance, Monkey drained $16 million over a span of 6 months, while Inferno Drainer outpaced this significantly, looting $81 million in just 9 months. Based on a 20% Drainer fee, they profited at least $47 million from selling wallet drainer services.”
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
CryptoSlate has the story.