Cryptocurrency phishing fraud experienced a dramatic rise in losses during 2024, with increasingly advanced attacks, as revealed in the most recent report from Scam Sniffer.
Research from the web3 anti-scam platform Scam Sniffer indicates that victims of cryptocurrency phishing schemes lost nearly $500 million (£401 million) last year.
The latest annual Crypto Phishing Report for 2024 from the security provider noted a 67% surge in the occurrence of ‘wallet drainer’ malware attacks, which the company stated are employed on phishing sites to steal crypto assets by tricking users into consenting to harmful transactions.
These phishing schemes are crafted to entice victims into performing actions that enable cybercriminals to swiftly drain crypto assets, complicating the ability for law enforcement to trace the fraudulent transactions.
Scam Sniffer reported that some of the most prevalent methods phishing sites use to attract traffic for these attacks include hacking, particularly targeting Discord and Twitter accounts, manipulating organic traffic, utilising NFT or token airdrops, compromised expired Discord links, and even paid advertising through Google Search, Twitter, and Telegram.
The report, which examines Ethereum Virtual Machine (EVM) compatible networks, revealed that while the total number of victims grew by only 3.7%, reaching 332,000 addresses, the average loss per incident rose dramatically, with the largest individual theft amounting to $55.48 million (£44.5 million).
The study found that 2024 experienced a 56% rise in the frequency of significant loss incidents, with thirty thefts exceeding $1 million (£801k) documented.
The first half of the year witnessed numerous smaller-scale events, culminating in a peak between July and September, during which thefts totalled $55.48 million (£44.5 million) in August, and $32.51 million (£26 million) in September, representing 52% of the total large-scale losses for the year.
Throughout the year, Scam Sniffer noted that the first quarter of 2024 recorded the highest overall losses, totalling $187.2 million (£150 million) affecting 175,000 victims, with March seeing the most significant losses at $75.2 million (£60.3 million) lost to crypto phishing.
The report also underscores the shifting threat landscape as new techniques for evading security measures are constantly being devised by malicious actors.