Crypto phishing scams net $300 million from unsuspecting investors in 2023 Crypto phishing scams net $300 million from unsuspecting investors in 2023
Malicious players leverage wallet drainers to orchestrate their phishing attacks against investors.
2 min read
Updated: Jan. 2, 2024 at 1:20 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Phishing scams stole around $300 million worth of cryptocurrencies from 320,000 investors in 2023, according to the yearly report from web3 security firm Scam Sniffer.
Phishing scams are one of the most common means of attack against the emerging industry and have resulted in the loss of millions of funds. In one incident, these scammers stole $24.23 million of liquid-staked Ethereum, including 4,851ย rETHย (worth $8.58 million) and 9,579ย stETH ($15.63 million).
Wallet drainers reign supreme
According to the report, malicious actors leveraged wallet drainers to orchestrate these phishing attacks.
Wallet drainers are usually embedded within phishing websites, deceiving unsuspecting individuals into authorizing malicious transactions that would enable the theft of their digital assets from their cryptocurrency wallets.
ScamSniffer’s exhaustive analysis identified six prominent wallet drainer service providers, including Inferno, MS, Angel, Monkey Drainer, Venom Drainer, Pink Drainer, and Pussy Drainer.
The Inferno Drainer emerged as the top player among these scammers, facilitating the theft of $81 million from 134,000 users over nine months. The crypto wallet-draining kit operator shut operations in November 2023.
Similarly, MS Drainer and Angel Drainer capitalized on this trend, pilfering $59 million from 63,000 users and $20 million from 30,000 victims, respectively.
Another prominent player, Monkey Drainer, stole $16 million from 18,000 people. It shut operations in March last year.
These Wallet Drainer services providers earned at least $47 million from their 20% drainer fee.
Phishing scammers tactics
Scam Sniffer exposed various methods employed by the attackers, encompassing hacking attacks, organic and paid traffic strategies.
Attackers infiltrate official social media accounts of projects or manipulate their front end and libraries. Tactics such as spam mentions, comments on Twitter, fake airdrops, expired Discord links and paid adverts on Google search and Twitter drive traffic, often escaping detection compared to blatant hacking attempts.
It is imperative to note that the phishing attack method chosen hinges on the content of the victimโs wallet.
Scam Sniffer said it scanned nearly 12 million URLs during the reporting period, unearthing about 145,000 malicious URLs. Presently, the firm’s blacklist contains approximately 100,000 malicious domains, signifying the scale of the ongoing threat.
Author 
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
Editor Editor 
News Desk
CryptoSlate is a comprehensive and contextualized source for crypto news, insights, and data. Focusing on Bitcoin, macro, DeFi and AI.
In this article
Ethereum is a decentralized, open-source blockchain platform that enables the creation of smart contracts and decentralized applications (DApps).
