Large-scale theft of cryptocurrencies via phishing

In 2023, a sophisticated type of malware known as “Wallet drainer” caused the loss of approximately $295 million in cryptocurrency, affecting approximately 324,000 users, a recent report revealed. Security platform Scam Sniffer highlighted that in just one day, March 11, criminals stole nearly $7 million, largely taking advantage of fluctuations in USDC cryptocurrency rates, with users landing on phishing sites which mimicked Circle's interface.

Increase in phishing activity in the crypto sector

Researchers have noted a progressive increase in phishing activity over the last year, with scammers becoming increasingly aggressive in evading security measures. Although the criminal group known as Monkey Drainer, responsible for numerous phishing attacks, announced its dissolution on March 2, it still had time to direct its customers to another illegal service, managing to steal digital assets for a total value of approximately 16 million dollars.

The closure of dangerous groups of scammers

Similarly, Inferno Drainer dissolved during 2023, leaving behind thefts amounting to $81 million in crypto assets. The investigation also scrutinized the methods by which phishing sites obtain traffic. The strategies adopted by crypto-robbers include hacking Discord channels and official project accounts, followed by spreading dangerous URLs via posts.

Advertising strategies of cybercriminals

The researchers also found that, despite advertising restrictions from Google and other services, scammers were able to place paid ads on Google Search and other portals, thus amplifying the reach of their illicit operations. These findings raise troubling questions regarding the security and effectiveness of existing controls in the online advertising industry.