- Wallet Drainers, a type of cryptocurrency malware, have caused a staggering loss of nearly $295 million to approximately 324,000 victims in the last year.
- Major incidents, such as thefts of millions of dollars, have been linked to Wallet Drainers, often coinciding with group-related events or hacking activities.
- Wallet Drainers, such as Inferno, MS, Angel, and Pink, have emerged prominently in the phishing landscape, demonstrating their adaptability and profitability.
Wallet Drainers, a burgeoning type of cryptocurrency malware, have marked a significant footprint in the digital asset world. These malicious software programs, operating on deceptive phishing websites, lure unsuspecting users into authorizing transactions that siphon off funds from their digital wallets. This phenomenon poses a serious threat to both individual investors and the broader cryptocurrency ecosystem.
Escalating Financial Impact: Wallet Drainers’ Theft Statistics

Scam Sniffer, a leading cybersecurity firm, reports a staggering loss of nearly $295 million due to Wallet Drainers, impacting around 324,000 victims in the last year. These figures underscore the severity and widespread nature of these attacks.
Major Incidents Highlighting Theft Trends

Notably, March 11 witnessed an alarming theft of $7 million, primarily attributed to the USDC rate fluctuations and phishing sites masquerading as Circle. Another significant theft incident occurred around March 24, coinciding with the hacking of Arbitrum’s Discord and their airdrop event. These incidents illustrate a pattern where major group-related events, such as airdrops or hackings, often precede spikes in theft.
Notable Wallet Drainers and Their Impact
Drainer Name | Total Stolen | Number of Victims | Start Date |
Inferno Drainer | $81 million | 134,000 | March, 2023 |
MS Drainer | $59 million | 63,000 | March, 2023 |
Angel Drainer | $20 million | 30,000 | March, 2023 |
Monkey Drainer | $16 million | 18,000 | August, 2022 |
Venom Drainer | $27 million | 15,000 | January, 2023 |
Pink Drainer | $18 million | 9,000 | March, 2023 |
Pussy Drainer | $15 million | 4,000 | January, 2023 |
Following ZachXBT’s exposure of Monkey Drainer, a shift in the phishing landscape was observed with new players like Inferno, MS, Angel, and Pink emerging prominently.
Alarming Scale and Profitability
The scale of operations and profitability of these Wallet Drainers is startling. For instance, Inferno Drainer alone amassed $81 million within nine months. These groups generally charge a 20% fee for their services, translating to enormous illicit profits.
Evolving Trends in Wallet Drainer Operations

The adaptability and evolution of Wallet Drainers are evident. Each time a major drainer exits the scene, new ones emerge to fill the void, continuously advancing their tactics.
Methods of Initiating Phishing Activities

- Hacking Attacks: Infiltrating official project Discord and Twitter accounts, or attacking project frontends and libraries.
- Organic Traffic: Utilizing airdrops of NFTs or tokens, exploiting expired Discord links.
- Paid Traffic: Deploying Google search ads, Twitter ads, etc.
While hacking attacks garner immediate community response, other methods like organic traffic and paid ads are more insidious and less noticeable.
Targeted Phishing Techniques
Wallet Drainers deploy sophisticated phishing techniques, tailoring their approach based on the assets in a victim’s wallet. Methods like GMX’s signalTransfer exploit specific vulnerabilities, revealing a refined approach to asset theft.
The Heaviest Losses: Victim Analysis
Victim Address | Total Stolen | Phishing Signature |
0x13e382dfe53207e9ce2eeeab330f69da2794179e | $24.05m | Increase Allowance |
0xea69653e6dd19789ac15ce5752547a94da8dd4cf | $4.47m | Increase Approval |
0x82287cdda3d1b5d26d49ce03280d07b86d54fe54 | $4.08m | ERC20 Permit |
0xf6b6f07862a02c85628b3a9688beae07fea9c863 | $3.83m | Approve |
0x1963ad313f41044a9a48397f31d21bc6a3b4c643 | $3.22m | Approve |
0x36b793f774aa4657109e11a2b47f758dabee7b42 | $2.29m | ERC20 Permit |
0xfab576ff46bd27b095a4eee4a293ecb0c41d5a85 | $2.25m | Approve |
0xdbecdbd53ff10183a0f9ddfb4eab1e52e806a4b3 | $1.49m | ERC20 Permit, Approve |
0xc0819e1e01204bcb9cb5a0a3be826afedad6edef | $1.28m | Uniswap Permit2 |
0xc53f38ae0b009bea9c96fd32767f4e4cbf10ffb6 | $1.24m | ERC20 Permit |
0x5197da90fb01040a1896a92616ecdfb5765b1134 | $1.19m | Approve |
0x5242dc2114bb40ed7482adcfab07384d069408cc | $1.04m | ERC20 Permit |
0x0e7a6b3b5ee4a1228a0334fa8170347a31538c49 | $1.03m | ClaimRewards |
This data showcases the most severely impacted victims, highlighting the diverse phishing signatures employed, such as Permit, Approve, and Increase Allowance. These victims collectively suffered losses exceeding $50 million.
Advanced Strategies: More Use of Smart Contracts
Utilizing Multicall for Efficiency

To expedite asset transfers, Wallet Drainers have started using multicall smart contracts. This method allows for simultaneous execution of multiple transactions, thereby reducing the window for victims to revoke authorization.
CREATE2 & CREATE for Evasion

In a tactical shift, Wallet Drainers are now using CREATE2 and CREATE functions. These tactics generate temporary addresses to bypass wallet security checks and complicate phishing research, as the destination of asset transfers remains concealed until the transaction is signed.
The Proliferation of Phishing Websites

A steady increase in the number of phishing websites correlates with the growing demand for Wallet Drainer services. Many of these sites use services like Cloudflare to obscure their actual server addresses, complicating efforts to track and shut them down.

Scam Sniffer’s Vigilance and Contributions
Scam Sniffer has played a pivotal role in combating Wallet Drainers:
- URL Monitoring: Scanning nearly 12 million URLs and identifying about 145,000 malicious ones.
- Blacklist Maintenance: Compiling an open-source blacklist with nearly 100,000 malicious domains.
- Awareness and Collaboration: Regularly reporting on Wallet Drainers and collaborating with major platforms to safeguard users.

Through these efforts, Scam Sniffer aims to fortify web3 security for a broader user base.
Conclusion
The alarming rise in Wallet Drainers necessitates heightened vigilance and proactive measures from both individual users and the crypto community. Staying informed about the latest phishing techniques and collaborating on security solutions are essential steps in mitigating the financial and reputational risks posed by these malicious entities. The crypto world must unite in its response to these sophisticated threats to ensure a secure and trustworthy digital asset environment.
Disclaimer
The information provided in this article is for informational purposes only and should not be considered financial advice. The article does not offer sufficient information to make investment decisions, nor does it constitute an offer, recommendation, or solicitation to buy or sell any financial instrument. The content is opinion of the author and does not reflect any view or suggestion or any kind of advise from CryptoNewsBytes.com. The author declares he does not hold any of the above mentioned tokens or received any incentive from any company.
images sources