Crypto Phishing Attacks Spike As Cryptocurrency Adoption Skyrockets
As cryptocurrency adoption skyrockets, so does the interest of hackers. The cryptocurrency industry had seen its fair share of security breaches in 2021, with an estimated 145% increase in security breaches and over $4B in stolen funds, according to a report published by Invezz.
In the last quarter of 2021, we saw a massive spike in crypto phishing attacks as hackers tried to expand (and simplify) their methods to take advantage of this enormous growth. In this post, we'll look back at 2021 and analyze some of the trends in crypto phishing.
Let's start with the big picture. In 2021, 4% of phishing attacks targeted cryptocurrency users. Although a small percentage, it's still a 4x increase from the year before. The first quarter of 2021 looked similar to 2020, with less than 1% of phishing attacks being crypto phishing. However, in comparison, in Q4 2021, crypto phishing accounted for 11% of all phishing URLs. This trend appears to coincide with the growth of global crypto users.
Most Impersonated Brands
| Brand | Service Type | % of Crypto Phishing |
|---|---|---|
| Blockchain.com | Centralized Exchange | 21.51% |
| PancakeSwap | DeFi | 20.29% |
| Trust Wallet | Wallet | 13.56% |
| MetaMask | Wallet | 13.29% |
| WalletConnect | Wallet | 12.79% |
| Uniswap | DeFi | 4.07% |
| Exodus Crypto Wallet | Wallet | 2.76% |
| Luno | Centralized Exchange | 2.67% |
| Coinbase | Centralized Exchange | 2.62% |
| Paxful | Centralized Exchange | 0.63% |
Although it's not a surprise that majority of the top 10 brands are either centralized exchanges or wallets, we could not identify any correlation between a brand's rank and its popularity, e.g., users or trade volume.
Brands in the Wallets (43%) and Centralized Exchanges (28%) categories were the most impersonated, followed by Decentralized Finance (DeFi) services (26%).
It's no wonder that the increase of interest in DeFi sparked given the volume on Decentralized Exchanges grew 5x compared to last year. Yet, we find it interesting, since DeFi services are geared towards advanced crypto users - with perhaps stronger security awareness than novice users who dabble in crypto. NFT and crypto/blockchain games accounted for less than 2% of crypto phishing despite a very active year.
Infrastructure
Some quick figures:
- 57% of crypto phishing used HTTPS
- The United States and Russia hosted the majority (66%) of the crypto phishing content
- Legacy TLDs (.com, .net, and .org) were the most exploited and hosted nearly 2/3 of crypto phishing
Interestingly, 62% of crypto phishing URLs were hosted on second-level domains, needing a paid domain registration. Additionally, most domains were look-alike impersonating known brands or having known crypto jargon such as 'dapp' (stands for Decentralized App), 'wallet', etc.
2022 Outlook
Crypto is still in its early stages. However, as it becomes more easily accessible to users globally, we predict that by the second half of 2022, cryptocurrency brands will take a more permanent place in the Top 10 Targeted Brands as tracked by our Global Phishing Activity. More specifically, we expect to see phishing attacks targeting platforms designed for institutional investors and financial institutions that intend to offer their crypto trading services.