Kaspersky Reports 135% Surge In Crypto-Stealing Drainers On Dark Web
Cybercriminal interest in crypto-draining malware surged dramatically in 2024, with discussions on dark web forums rising by 135%, according to Kaspersky’s latest Security Bulletin.
In a Rush? Here are the Quick Facts!
- Drainers use fake airdrops, phishing sites, and deceptive ads to steal funds.
- Corporate database ads on the dark web rose 40% from 2023 to 2024.
- Cybercriminals are shifting from Telegram back to private dark web forums.
Kaspersky’s report highlights the growing focus on crypto-drainers—malware designed to trick victims into authorizing fraudulent transactions, swiftly draining funds from cryptocurrency wallets.
Drainers exploit various methods, including fake airdrops, phishing websites, malicious browser extensions, deceptive advertisements, and fraudulent NFT marketplaces.
Kaspersky’s Digital Footprint Intelligence revealed that discussions on crypto-drainers increased from 55 unique dark web threads in 2022 to 129 in 2024. These forums are rife with cybercriminals exchanging ideas, trading malware, and collaborating on large-scale distribution.
Alexander Zabrovsky, a security expert at Kaspersky, predicts further growth in crypto-drainer interest in 2025.
“Crypto enthusiasts need to be more vigilant than ever, adopting robust crypto security measures. Meanwhile, companies should focus on educating their customers and employees while actively monitoring their online presence to reduce the risk of successful attacks,” Zabrovsky emphasized.
He added that drainers often leverage social engineering tactics, impersonating popular wallets and exchange brands to lure victims into fraudulent transactions.
The report also sheds light on a sharp rise in dark web activity surrounding corporate data breaches. Between August and November 2024, Kaspersky observed a 40% increase in advertisements for stolen corporate databases compared to the same period in 2023.
Cybercriminals appear increasingly focused on leaking or reselling stolen data, sometimes presenting older breaches as new incidents to damage corporate reputations.
“Not every advertisement of a data breach on the dark web stems from a genuine incident,” Zabrovsky noted.
“Some ‘offers’ may simply be well-marketed materials. For example, certain databases might combine publicly available information or previously leaked data, presenting it as breaking news,” Zabrovsky added.
“By making such claims, cybercriminals can generate publicity, create buzz, and tarnish the reputation of the targeted company simply by announcing a data breach,” Zabrovsky continued.
Emerging trends point to further developments in 2025. Kaspersky predicts a migration of cybercriminals from Telegram back to private dark web forums, as increased platform bans drive users to less accessible spaces.
High-profile law enforcement operations are also expected to intensify, forcing cybercriminal groups to fragment into smaller, harder-to-track units.
Other anticipated trends include the rise of Malware-as-a-Service models promoting drainers and credential stealers, escalating cyber threats in the Middle East due to geopolitical tensions, and an uptick in ransomware attacks across the region.
To combat these threats, Kaspersky advises individuals to use comprehensive security solutions and remain vigilant against phishing schemes. Businesses should proactively monitor dark web activity and employ tools to detect and respond to potential data breaches and malware-related risks.