Ethereum Under Fire! $152 Million Lost in 2024 Crypto Phishing Attacks

In 2024, the Web3 space faced an unrelenting wave of phishing attacks, leading to a staggering $494 million in losses. According to Scam Sniffer’s 2024 phishing report, this marks a 67% increase compared to the previous year. Wallet drainer malware is becoming increasingly complex, opening up new risks for users in the decentralized world.

While the number of victims only grew by 3.7%, the cost per attack has sharply increased. The year’s largest single loss, $55.48 million, showing the growing threat and the serious financial risks involved.

Ethereum bore the brunt of the attacks, with 25 major incidents resulting in $152 million in losses. Other blockchains, including Arbitrum, Blast, Base, and BNB Chain, were also targeted, but none faced the same scale of exploitation as Ethereum.

The Timeline of Attacks

The first quarter of 2024 saw the highest losses, totaling $187.2 million and impacting 175,000 victims. March was particularly devastating, with $75.2 million stolen, partly due to the increased on-chain activity driven by the rising Bitcoin price.

Phishing attacks reached their peak in the second and third quarters of 2024. In August, $55.48 million was lost, and in September, the figure stood at $32.51 million. These two months contributed to over half of the year’s total large-scale losses.

In the last quarter of the year, losses fell to $51 million, thanks to stronger security measures and growing awareness among users and projects about phishing risks.

Wallet Drainer Tactics Evolve

The wallet drainer strategies, in particular, changed a great deal in 2024. This also resulted in large nets like Pink disappearing in the second quarter of the year, enabling Inferno to take over 45% market share come year-end. 

Attackers also learned new tricks to work around defences; using wallet normalization processes and exploiting other full access signature permissions. It was often seen that phishing signatures like ‘Permit’ and ‘setOwner’ were used to perform other concentrated cyber thefts, the largest of which caused the loss of $55 Million USD in DAI.

Any Hope Ahead?

Despite the difficulties of 2024, the year has also highlighted the potential for improved security technologies. With better security practices and more awareness, there is hope for a safer future in Web3. Developers, security analysts, and users will need to collaborate to stay ahead of evolving threats and protect decentralized finance.