jakiro
Author: scam sniffer; Translation: 0xjs@作 作 作 作 作 作
introduction
Wallet Drainers is a malicious software related to cryptocurrency, which has achieved huge “success” in the past year.These softwares are deployed on a fishing website to trick users to sign malicious transactions, thereby stealing assets from their cryptocurrency wallets.These online fishing activities continue to attack ordinary users in various forms, leading to major economic losses that have inadvertently signed malicious transactions.
Fishing fraud statistics
In the past 2023,SCAM SIFFER monitored these Wallet Drainers to steal nearly $ 295 million in assets from about 324,000 victims.
Fishing fraud trend
It is worth mentioning that nearly 7 million US dollars were stolen on March 11.Most of them are caused by the fluctuation of USDC exchange rates, because the victims encountered a fishing website that pretended to be a Circle.Near March 24, Arbitrum’s Discord was attacked by hackers and a major theft occurred.Their airdrop date is also close to this date.
Each peak of theft is related to group -related events.These may be airdrops or hackers.
Wallet Drainers
Following Zachxbt’s exposure Monkey Drainer, they have been active for 6 months. They announced their withdrawal.Venom then took over most of their customers.Subsequently, MS, Inferno, Angel, and PINK all appeared around March.As Venom stops services around April, most online fishing gangs turned to other services.
The scale and speed are all upgraded.For example, Monkey sucked 16 million US dollars in 6 months, while Inferno Drainer significantly exceeded this number, and absorbed $ 81 million in just 9 months.
Based on the cost of 20% of Drainer, they made at least $ 47 million by selling Wallet Drainers.
Wallet Drainers trend
It can be seen from the trend analysis that online fishing activities have continued to grow.and,Whenever a drainer exits, there will be new Drainer replaced themFor example, Angel seems to be the new substitute after Inferno’s announcement.
How do they launch online fishing activities?
These fishing websites are mainly obtained through the following ways:
-
Hacker attack
-
Official project Discord and Twitter accounts are hacked
-
Attack on the front end of the official project or the library used
-
Natural traffic
-
NFT or token airdrop
-
Expired Discord link is taken over
-
Spam on Twitter’s spam mentioned and commented
-
Paid traffic
-
Google search advertisement
-
Twitter advertising
Although hackers have a wide range of influences, the community usually responds quickly, usually within 10 to 50 minutes.However,The Discord links of airdrops, natural flow, paid advertising and receiving are not very eye -catching.
In addition, there are more targeted personal private message fishing behaviors.
Common online fishing signatures
Different types of assets are targeted at different online fishing signature methods.The picture above is some common online fishing signature methods.The type of assets of the victim’s wallet will determine the type of malicious online fishing signature.
Judging from the case of stealing Reward LP tokens using GMX’s Signaltransfer, it is clear that they have a very delicate way to use specific assets.
The first 13 fishing victims
The above is the most serious victim affected by theft, with a cumulative loss of 50 million US dollars.It can be seen,The main reason is to sign fishing signatures such as Permit, Permit2, APPROVE, Increase Allowance.
Use smart contracts more
Multicall
Since Inferno, they have also started using smart contracts.For example, the amount of allocation requires two transactions.This may not be fast enough, resulting in the victims that may revoke authorization before the second transfer.To improve efficiency, they use Multical more efficient asset transfer.
Create2 & amp; create
Similarly, in order to bypass some wallet security inspections, they also tried to use Create2 or Create functions to dynamically generate temporary addresses.This will cause the blacklist of the wallet to lose its effect, and it will also cause more trouble to fishing research, because the asset transfer destination is unknown before your signature, and the temporary address does not have analytical significance.
Compared with last year, this is a major change.
Internet fishing website
By analyzing the trend of the number of fishing websites, it can be seen that fishing activities are gradually increasing every month.This is closely related to the profit and stability of Wallet Drainers services.
The above is the main domain name registrar used by these fishing websites.By analyzing the server address, you can also find that most of them use services such as Cloudflare to hide their real server address.
What did SCAM SNIFFER do?
Last year, SCAM SNIFFER scanned nearly 12 million URLs and found nearly 145,000 malicious URLs.The open source blacklist of SCAM SNIFFER currently contains nearly 100,000 malicious domain names. We continue to push these malicious website domain names to platforms such as Chainabuse.
SCAM SNIFFER also continuously reports multiple well -known wallets, and continues to share information about major theft cases on social media platforms to increase the public’s understanding and understanding of online fishing threats.
At present, SCAM SNIFER has assisted some well -known platforms to protect its users and is committed to providing Web3 security for the next billion users.
