Analysis of the 2024 Blockchain Security and Anti-Money Laundering Annual Report: Phishing and Scam Techniques

SlowMist
Jan 10, 2025

Phishing attacks and scams have become critical threats to the security of user assets in the blockchain ecosystem. In 2024, Wallet Drainer attacks resulted in approximately $494 million in losses, with the largest single theft amounting to $55.48 million, highlighting a significant upward trend in the scale of losses. Regarding fraudulent tactics, we have provided a detailed analysis in a previous article, which readers can access via the related link below. This article will focus on an in-depth analysis of the current state, key data, and evolving trends of Wallet Drainer attacks, along with effective prevention strategies.

Phishing Attack

This section focuses on analyzing Wallet Drainer attacks on EVM-compatible chains. Special thanks to ScamSniffer for their valuable contribution to this analysis.

Wallet Drainer is an attack method deployed on phishing websites, where users are tricked into signing transactions that lead to the theft of their crypto assets. With Bitcoin prices reaching all-time highs, more users have been drawn to cryptocurrency investments and trading, resulting in a significant increase in on-chain activity. However, this heightened activity has also provided attackers with more opportunities to launch phishing attacks. Key metrics from Wallet Drainer attacks in 2024 reveal an increasingly severe security landscape:

  • Total Loss: $494M USD, up 67%
  • Number of Victims: 332,000 addresses, up 3.7%
  • Largest Single Theft: $55.48M USD
  • Number of Large-scale Thefts: 30

Attack activity varied in phases over the year. Losses were most severe in the first quarter, reaching $187 million, with 175,000 victims, and peaking in March with monthly losses of $75 million. Losses eased in the second and third quarters, totaling $257 million, with the number of victims dropping to 90,000. By the fourth quarter, losses had decreased to $51 million, and the number of victims fell to 30,000, indicating an improvement in market security.

From an on-chain distribution perspective, users suffered the most significant losses on Ethereum, amounting to $156 million. Losses on Arbitrum, Blast, Base, and BNB Chain were comparatively lower. Additionally, the targeted asset types were primarily concentrated in Staking & Restaking (40.9%) and Stablecoins (33.5%).

The market landscape underwent significant shifts throughout the year. From Q1 to Q2, the market was dominated by three major Wallet Drainers: Angel (42%), Pink (28%), and Inferno (22%). In Q3, the dynamic shifted to a two-way competition, with Inferno taking the lead (43%) while Angel’s share decreased to 25%. By Q4, a new pattern emerged as Inferno and Angel jointly held 45% of the market, but Acedrainer rose rapidly, capturing a 20% share. Meanwhile, other emerging Drainers accounted for 25%, indicating a gradual decentralization of the market and increased diversity in competition. Notably, Pink Drainer exited the market in Q2, and Inferno Drainer announced its exit in Q4, with its operations taken over by Angel Drainer.

Permit signatures remain the primary method for phishing attacks, accounting for 56.7%. Additionally, the setOwner signature, which targets a Proxy to modify its ownership address, deserves attention. In one incident in August, a setOwner phishing signature led to a victim losing $55 million in DAI.

Phishing websites typically drive traffic through various deceptive means:

  • Hacking: Attackers may compromise official project Discord or X accounts to post phishing links. Additionally, they could guide users to phishing sites through front-end tampering or supply chain attacks.
  • Natural Traffic: Attackers attract users through NFT or token airdrops or take over expired Discord links to lure victims.
  • Paid Traffic: Phishing sites are often promoted through ads on Google Search, Twitter, or Telegram, embedding phishing links in high-traffic channels.
  • Other: Methods include email phishing, social media scams, or private messages on instant messaging platforms.

To combat increasingly sophisticated phishing attacks, users can strengthen their defense by taking the following measures:

  • Basic Protection: Use secure wallets with phishing detection; adopt a multi-wallet strategy to diversify assets; install security plugins like ScamSniffer.
  • Signature Security: Be cautious of permit/approve authorization signatures; only access DApps through official channels; verify the authenticity of social media links; ensure understanding of transaction impact before signing.
  • Behavioral Recommendations: Stay calm and avoid FOMO (fear of missing out); regularly check token authorizations; use hardware wallets for managing high-value assets; prepare an emergency plan.
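
The Permit-signature risk and the advice to understand a transaction's impact before signing can be checked mechanically. The following is an added example, not code from SlowMist or ScamSniffer: it inspects an eth_signTypedData_v4 payload and flags allowance grants. It goes beyond the text by covering the EIP-2612, DAI-style and Permit2 PermitSingle layouts; the allowlist, the one-day threshold, the finding names and all addresses are assumptions.

```javascript
// Added example: triage an eth_signTypedData_v4 payload before a wallet signs it.
// Field layouts follow EIP-2612 Permit, DAI-style permit and Permit2 PermitSingle.
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 amounts are uint160
const LONG_LIVED_SECONDS = 86400n;     // assumption: validity over one day is flagged

function extractGrant(typedData) {
  const { primaryType, message: m, domain } = typedData;
  if (primaryType === "Permit" && "allowed" in m) { // DAI-style: all-or-nothing, expiry 0 = never
    return { token: domain.verifyingContract, spender: m.spender,
             unlimited: m.allowed === true || m.allowed === "true",
             expiry: BigInt(m.expiry), zeroMeansNever: true };
  }
  if (primaryType === "Permit") { // EIP-2612: token is the verifying contract
    return { token: domain.verifyingContract, spender: m.spender,
             unlimited: BigInt(m.value) === MAX_UINT256, expiry: BigInt(m.deadline) };
  }
  if (primaryType === "PermitSingle") { // Permit2: token is named inside the message
    return { token: m.details.token, spender: m.spender,
             unlimited: BigInt(m.details.amount) === MAX_UINT160,
             expiry: BigInt(m.details.expiration) };
  }
  return null; // not an allowance-granting type this example knows
}

function reviewTypedData(typedData, trustedSpenders, nowSeconds) {
  const grant = extractGrant(typedData);
  if (!grant) return { isPermit: false, findings: [] };
  const findings = [];
  if (!trustedSpenders.has(grant.spender.toLowerCase())) findings.push("spender-not-allowlisted");
  if (grant.unlimited) findings.push("unlimited-allowance");
  const never = grant.zeroMeansNever === true && grant.expiry === 0n;
  if (never || grant.expiry - BigInt(nowSeconds) > LONG_LIVED_SECONDS) findings.push("long-lived");
  return { isPermit: true, token: grant.token, spender: grant.spender, findings };
}

// Constructed sample request; every address is a placeholder.
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1,
            verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: { owner: "0x2222222222222222222222222222222222222222",
             spender: "0x3333333333333333333333333333333333333333",
             value: "0x" + "f".repeat(64), nonce: "0", deadline: "4102444800" },
};
const TRUSTED = new Set(["0x4444444444444444444444444444444444444444"]); // hypothetical allowlist
console.log(reviewTypedData(SAMPLE_REQUEST, TRUSTED, 1736467200));
```

A request that returns any finding is one to stop and read in full before signing; an empty list only means none of these three checks fired.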

Scam Techniques

According to the data collected by the SlowMist AML team, scams remain one of the primary causes of losses. This issue has become particularly pronounced with the influx of new users into the Web3 space during bull markets. Many newcomers, unaware of the dangers lurking in the dark forest of blockchain, will often fall victim to scams early on. To address this, we introduce several common scam tactics to help users understand and avoid typical risks. As we have analyzed these scam methods in detail in previous articles, interested readers can click the link to read the related content.

  • Mining Scams: Scammers lure users into investing by promising high returns through fake mining pools, often impersonating well-known exchanges in Telegram groups. Once users invest their funds, scammers use various tactics to encourage further investments.
  • Arbitrage Scams: Scammers exploit the AI concept to attract users, claiming to offer arbitrage bots. They provide code for users to deploy smart contracts and invest funds, only to steal the funds in the end.
  • Airdrop Scams: Scammers create fake airdrop campaigns to trick users into clicking phishing links or downloading malicious software. Some airdrops involve fake tokens, and attackers can also steal Gas fees through malicious contracts.
  • X Account Compromise: Hackers infiltrate well-known accounts to spread false information or promote fraudulent tokens, leading users to make transactions and suffer losses.
  • Honeypot Scams: This scam tempts users to buy rapidly appreciating tokens, with scammers using contracts to restrict the ability to sell, trapping users’ funds.
  • Trojan Attacks: Hackers use fake Zoom meeting links to lure users in. When users click on the link, they unknowingly download malicious software, leading to the theft of their crypto assets.

Here’s the link to the full report. Happy reading and feel free to share!

https://www.slowmist.com/report/2024-Blockchain-Security-and-AML-Annual-Report(EN).pdf

About SlowMist

SlowMist is a blockchain security firm established in January 2018. The firm was started by a team with over ten years of network security experience to become a global force. Our goal is to make the blockchain ecosystem as secure as possible for everyone. We are now a renowned international blockchain security firm that has worked on various well-known projects such as HashKey Exchange, OSL, MEEX, BGE, BTCBOX, Bitget, BHEX.SG, OKX, Binance, HTX, Amber Group, Crypto.com, etc.

SlowMist offers a variety of services that include but are not limited to security audits, threat information, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) software, MistEye (Security Monitoring), SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, RC², TianJi Partners, IPIP, etc. Our extensive work in cryptocurrency crime investigations has been cited by international organizations and government bodies, including the United Nations Security Council and the United Nations Office on Drugs and Crime.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we could spread awareness and raise the security standards in the blockchain ecosystem.
