In 2024, the Web3 ecosystem faced a surge of phishing attacks that caused $494 million in losses. According to Scam Sniffer’s phishing report for 2024, this represents a 67% increase compared to the previous year. As wallet drainer malware grows more complex, the risk to users of decentralized applications grows with it.
Although the number of victims rose modestly by 3.7%, the financial impact per attack rose sharply. The most significant single loss of the year amounted to $55.48 million.
Ethereum was the primary target of these attacks, suffering 25 major incidents that resulted in $152 million in losses. Other blockchains, such as Arbitrum, Blast, Base, and BNB Chain, were also targeted, but none faced exploitation on the same scale as Ethereum.
The Timeline of Attacks
The first quarter of 2024 was particularly harsh, with losses totaling $187.2 million and affecting 175,000 victims. March was notably devastating, with $75.2 million stolen, partly due to increased on-chain activity fueled by the rising Bitcoin price.
Phishing attacks escalated during the second and third quarters of 2024. In August, losses amounted to $55.48 million, and in September, the figure reached $32.51 million. These two months accounted for more than half of the year’s total large-scale losses.
During the final quarter of the year, losses decreased to $51 million, thanks to more robust security measures and heightened awareness among users and projects regarding phishing risks.
Evolution of Wallet Drainer Tactics
The strategies employed by wallet drainers changed significantly in 2024. This shift led to the disappearance of large networks like Pink in the second quarter, paving the way for Inferno to capture a 45% market share by year-end. Attackers adapted by developing new methods to circumvent defenses, utilizing wallet normalization processes, and exploiting other signature permissions that grant full access. Phishing signatures such as ‘Permit’ and ‘setOwner’ were frequently used to execute large-scale thefts, the largest of which resulted in the theft of $55 million in DAI.
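A wallet or browser extension can triage ‘Permit’ signing requests before the user approves them. The sketch below is an added example, not code from the Scam Sniffer report: the field names follow EIP-2612 and the DAI-style permit, while the finding labels, the spender allowlist, the one-day threshold and all sample requests are assumptions made up for illustration.

```javascript
// Added example: pre-sign triage of EIP-712 typed-data "Permit" requests.
// The allowlist, the one-day threshold and the samples are assumptions.
const MAX_UINT256 = (1n << 256n) - 1n;
const LONG_LIVED_SECONDS = 86400n; // assumption: validity over one day is flagged

function reviewSignRequest(typedData, trustedSpenders, now) {
  const msg = typedData.message || {};
  if (typedData.primaryType !== "Permit") return { isPermit: false, findings: [] };
  const findings = [];
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  if (!trusted.has(String(msg.spender || "").toLowerCase())) {
    findings.push("spender-not-allowlisted");
  }
  // EIP-2612 carries an amount ("value"); the DAI-style permit carries a boolean ("allowed").
  const unlimited =
    (msg.value !== undefined && BigInt(msg.value) === MAX_UINT256) || msg.allowed === true;
  if (unlimited) findings.push("unlimited-allowance");
  // EIP-2612 uses "deadline"; the DAI-style permit uses "expiry", where 0 never expires.
  if (msg.expiry !== undefined && BigInt(msg.expiry) === 0n) {
    findings.push("no-expiry");
  } else {
    const end = msg.deadline !== undefined ? msg.deadline : msg.expiry;
    if (end !== undefined && BigInt(end) - BigInt(now) > LONG_LIVED_SECONDS) {
      findings.push("long-lived");
    }
  }
  return { isPermit: true, findings };
}

// Constructed sample requests (all addresses are placeholders, not real contracts).
const OWNER = "0x" + "11".repeat(20);
const TRUSTED_ROUTER = "0x" + "aa".repeat(20);
const UNKNOWN_SPENDER = "0x" + "bb".repeat(20);
const NOW = 1735689600; // constructed timestamp
const eip2612Request = { primaryType: "Permit", message: {
  owner: OWNER, spender: UNKNOWN_SPENDER, value: MAX_UINT256.toString(),
  nonce: "0", deadline: String(NOW + 30 * 86400) } };
const daiStyleRequest = { primaryType: "Permit", message: {
  holder: OWNER, spender: UNKNOWN_SPENDER, nonce: "0", expiry: "0", allowed: true } };
const benignRequest = { primaryType: "Permit", message: {
  owner: OWNER, spender: TRUSTED_ROUTER, value: "1000000",
  nonce: "0", deadline: String(NOW + 600) } };

for (const r of [eip2612Request, daiStyleRequest, benignRequest]) {
  console.log(reviewSignRequest(r, [TRUSTED_ROUTER], NOW).findings);
}
```

An empty findings list does not mean a request is safe; it only means none of these three heuristics fired.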
Is There Hope for the Future?
Despite the challenges of 2024, the year also underscored the potential for enhanced security technologies. With improved security practices and increased awareness, there is optimism for a safer future in the Web3 domain. Developers, security analysts, and users must collaborate to stay ahead of evolving threats and safeguard decentralized finance.