In 2024, the Web3 space faced an alarming surge in phishing attacks, resulting in $494 million in losses—a staggering 67% increase compared to the previous year. According to Scam Sniffer’s 2024 phishing report, these attacks have shown no signs of slowing down as the tactics employed by cybercriminals have become more sophisticated. The focus this year has been predominantly on Ethereum, which experienced the greatest impact, suffering $152 million in losses due to 25 major attacks.
The second and third quarters of the year were particularly severe. August saw a striking $55.48 million loss, while September followed closely with $32.51 million. This distressing trend illustrates the escalating threat, with wallet drainer malware evolving and posing new risks for users in the decentralized finance ecosystem.
The timeline of attacks paints a grim picture. The first quarter of 2024 alone accounted for $187.2 million in losses, affecting around 175,000 victims. March was especially brutal, witnessing $75.2 million stolen. This wave of theft can be partially attributed to increased on-chain activity fueled by surging Bitcoin prices. The heights of phishing attacks reached their peak during the subsequent quarters, with the cumulative losses in August and September surpassing half of the total losses for the year.
While the final quarter of 2024 saw a drop in losses to $51 million, thanks in part to enhanced security initiatives and an uptick in user awareness, the damage had already been done. Other blockchains like Arbitrum, Blast, Base, and BNB Chain faced attacks too, but none were hit as hard as Ethereum.
As for the tactics used, wallet drainer strategies experienced significant evolution this year. Major networks like Pink were rendered ineffective, allowing Inferno to capture roughly 45% of the market share by year-end. Cybercriminals have adapted quickly, utilizing wallet normalization processes and manipulating full access signature permissions.
Phishing signatures—think ‘Permit’ and ‘setOwner’—are now common tools for executing concentrated cyber thefts, with the largest single theft causing a loss of $55 million USD in DAI.
Despite these challenges, 2024 has illuminated paths to enhanced security solutions. There is optimism for a safer Web3 future, but it will demand collective efforts from developers, security analysts, and users to stay ahead of lurking threats and bolster defenses in the world of decentralized finance.
Whether you’re a seasoned participant in the crypto space or just dipping your toes in, the lessons from this year’s upheaval in security are clear: vigilance, education, and improved technology are crucial to protecting your assets from the insidious tactics of cybercriminals.
