Crypto Phishing Attacks Spike As Cryptocurrency Adoption Skyrockets

Published on January 06, 2022

As cryptocurrency adoption skyrockets, so does the interest of hackers. The cryptocurrency industry had seen its fair share of security breaches in 2021, with an estimated 145% increase in security breaches and over $4B in stolen funds, according to a report published by Invezz.

In the last quarter of 2021, we saw a massive spike in crypto phishing attacks as hackers tried to expand (and simplify) their methods to take advantage of this enormous growth. In this post, we'll look back at 2021 and analyze some of the trends in crypto phishing.

Let's start with the big picture. In 2021, 4% of phishing attacks targeted cryptocurrency users. Although a small percentage, it's still a 4x increase from the year before. The first quarter of 2021 looked similar to 2020, with less than 1% of phishing attacks being crypto phishing. However, in comparison, in Q4 2021, crypto phishing accounted for 11% of all phishing URLs. This trend appears to coincide with the growth of global crypto users.

Source: research

Most Impersonated Brands

Brand Service Type % of Crypto Phishing Centralized Exchange 21.51%
PancakeSwap DeFi 20.29%
Trust Wallet Wallet 13.56%
MetaMask Wallet 13.29%
WalletConnect Wallet 12.79%
Uniswap DeFi 4.07%
Exodus Crypto Wallet Wallet 2.76%
Luno Centralized Exchange 2.67%
Coinbase Centralized Exchange 2.62%
Paxful Centralized Exchange 0.63%

Although it's not a surprise that majority of the top 10 brands are either centralized exchanges or wallets, we could not identify any correlation between a brand's rank and its popularity, e.g., users or trade volume.

Brands in the Wallets (43%) and Centralized Exchanges (28%) categories were the most impersonated, followed by Decentralized Finance (DeFi) services (26%).

It's no wonder that the increase of interest in DeFi sparked given the volume on Decentralized Exchanges grew 5x compared to last year. Yet, we find it interesting, since DeFi services are geared towards advanced crypto users - with perhaps stronger security awareness than novice users who dabble in crypto. NFT and crypto/blockchain games accounted for less than 2% of crypto phishing despite a very active year.


Some quick figures:

Interestingly, 62% of crypto phishing URLs were hosted on second-level domains, needing a paid domain registration. Additionally, most domains were look-alike impersonating known brands or having known crypto jargon such as 'dapp' (stands for Decentralized App), 'wallet', etc.

2022 Outlook

Crypto is still in its early stages. However, as it becomes more easily accessible to users globally, we predict that by the second half of 2022, cryptocurrency brands will take a more permanent place in the Top 10 Targeted Brands as tracked by our Global Phishing Activity. More specifically, we expect to see phishing attacks targeting platforms designed for institutional investors and financial institutions that intend to offer their crypto trading services.