In 2024, the Web3 space was hit hard by a relentless wave of phishing attacks, resulting in a staggering $494 million in losses. According to Scam Sniffer’s 2024 phishing report, this marked a 67% increase compared to the previous year. Wallet drainer malware has become increasingly sophisticated, posing new risks for users in the decentralized world.
Although the number of victims only increased by 3.7%, the cost per attack saw a sharp rise. The largest single loss of the year amounted to $55.48 million, underscoring the growing threat and the significant financial risks at stake.
Ethereum bore the brunt of these attacks, with 25 major incidents leading to $152 million in losses. While other blockchains like Arbitrum, Blast, Base, and BNB Chain were also targeted, none experienced the same level of exploitation as Ethereum.
The Timeline of Attacks
The first quarter of 2024 witnessed the highest losses, totaling $187.2 million and affecting 175,000 victims. March was particularly devastating, with $75.2 million stolen, partly due to increased on-chain activity driven by the rising Bitcoin price.
Phishing attacks peaked in the second and third quarters of the year. In August, $55.48 million was lost, followed by $32.51 million in September. These two months accounted for over half of the year’s total large-scale losses.
In the final quarter of the year, losses decreased to $51 million, attributed to enhanced security measures and increased awareness among users and projects regarding phishing risks.
Wallet Drainer Tactics Evolve
In 2024, wallet drainer strategies underwent significant changes. Large nets like Pink disappeared in the second quarter, allowing Inferno to capture 45% market share by year-end.
Attackers also developed new tactics to circumvent defenses, utilizing wallet normalization processes and exploiting full access signature permissions. Phishing signatures such as ‘Permit’ and ‘setOwner’ were often used to carry out concentrated cyber thefts, with the largest incident resulting in the loss of $55 million in DAI.
Any Hope Ahead?
Despite the challenges faced in 2024, the year also showcased the potential for enhanced security technologies. With improved security practices and increased awareness, there is optimism for a safer future in Web3. Developers, security analysts, and users must collaborate to stay ahead of evolving threats and safeguard decentralized finance.