Cryptocurrency users have recently faced an amplified threat as phishing attacks targeting crypto wallets have sharply risen. These mechanisms exploit various blockchain networks like Ethereum, Binance Smart Chain, Polygon, and Avalanche, among nearly 20 others, with tailored techniques to drain crypto wallets.
A prime culprit of this wave is the cybercrime group Angel Drainer. They’ve capitalized on these opportunities by selling access to a “scam-as-a-service.” Collaborators get access to wallet-draining scripts and other services from the group for between 20% and 30% of their ill-gotten earnings.
Stay One Step Ahead of Cyber Threats
Web3 anti-scam solution provider Scam Sniffer describes such vendors as specializing in executing multi-chain scams while pocketing roughly a fifth of the stolen assets as their service fee.
These unscrupulous practices largely involve the usage of a crypto-draining kit designed specifically to transfer cryptocurrency from victims’ wallets illegally without their knowledge or consent.
Potential victims are often led astray on counterfeit websites made prevalent through malvertising schemes or pestering emails/messages over social media platforms. Wallet theft usually occurs by seemingly innocent actions such as claiming an ‘airdrop.’
Corrupt smart contracts clandestinely boost attackers’ allowances, pretending it’s part of customer interactions, which enables them to carry out token theft activities sans additional user interventions. The attack continues when asset liquidation happens once users inadvertently grant funds-access rights. Thieves employ hiding tactics to cover tracks and hamper detection attempts, including mixers methods or numerous transaction routes masking financial movements.
Inferno Drainer was another rouge service responsible for stealing more than $70 million worth of cryptocurrencies, affecting just over 103,000 people within just over a year since its origin late in 2022 before suspending operations in November last year.
Scam Sniffer, a web3 anti-scam tool featuring a Chrome extension, API, and Discord bot, is designed to help users identify scam websites and malicious transactions. Recently, Scam Sniffer highlighted phishing scams involving fake ads for cryptocurrency platforms. These ads, found on Google and social media platform X (formerly known as Twitter), lured users to fraudulent sites that emptied digital wallets upon entry, emphasizing the need for heightened vigilance.
As a protective measure against such scams, experts advocate using hardware wallets, which enhance security with routine authenticity verifications & legitimization of smart contracts. Two of the biggest and most respected companies offering hardware wallets are Ledger and Trezor.
"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional