Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses.

This marks a 67% increase over 2023 figures although the number of victims only rose by 3.7%, indicating that victims held more significant amounts on average.

The data comes from web3 anti-scam platform ‘Scam Sniffer,’ which has been tracking wallet drainer activity for a while now, previously reporting attack waves that impacted up to 100,000 people at once.

Wallet drainers are phishing tools specifically designed to steal cryptocurrency or other digital assets from users’ wallets, often deployed on fake or compromised websites.

In 2024, Scam Sniffer observed 30 large-scale (above $1 million) thefts conducted via wallet drainers, with the largest single heist cashing in $55.4 million worth of cryptocurrency.

This occurred early in the year when Bitcoin’s price hikes fueled phishing activity. In the first quarter of the year, a total of $187 million was stolen via wallet drainer attacks.

In the second quarter of the year, a notable drainer service named ‘Pink Drainer,’ previously seen impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks, announced its exit.

Although this caused a drop in phishing activity, the scammers started to gradually pick up the pace in the third quarter with the Inferno service taking the the lead by causing $110 million in losses in August and September combined.

Finally, the activity subsided in the final quarter of the year, which only accounted for about 10.3% of the total losses recorded in 2024. At that time, Acedrainer also emerged as a major player, taking 20% of the drainer market, ScamSniffer says.

Most of the losses (85.3%) occurred on Ethereum, amounting to $152 million while staking (40.9%) and stablecoins (33.5%) were among the most targeted.

Regarding trends seen in 2024, Scam Sniffer highlights the use of fake CAPTCHA and Cloudflare pages, and IPFS to evade detection, as well as a shift in signature types facilitating money theft.

Specifically, most thefts relied on the ‘Permit’ signature (56.7%) or ‘setOwner’ (31.9%) to drain funds. The first gives approval for token spending as per the EIP-2612 standard, while the second updates smart contract ownership or administrative rights.

Another noteworthy trend is the increased use of Google Ads and Twitter ads as a source of traffic to the phishing websites, with the attackers using compromised accounts, bots, and fake token airdrops to achieve their goal.

To protect from Web3 attacks, the recommendation is to interact only with trusted and verified websites, cross-check URLs with official project websites, read transaction approval prompts and permission requests before signing, and simulate transactions before performing them.

Many wallets also offer built-in warnings for phishing or malicious transactions, so make sure to enable those. Finally, use token revoking tools to ensure no suspicious permissions are active.