Cybersecurity researchers have warned of a rise in phishing attacks that could drain cryptocurrency wallets.
Check Point researchers Oded Vanunu and Dikla said: “The methods of these threats are unique and target a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche and nearly 20 other networks, using crypto wallets to consume All the skills,” said Barda and Roman Zakin.
A major factor in this disturbing trend is a notorious phishing group called Angel Drainer, which charges its collaborators a percentage of the stolen amount (usually 20 or 30%). ) in return for promoting a “fraud-as-a-service” product that provides wallet drain scripts and other services.
From user to administrator: Learn how hackers gain total control
Learn the secret tactics hackers use to become administrators and how to detect and stop it before it’s too late. Register now for our webinar.
Join now
In late November 2023, a similar wallet draining service called Inferno Drainer was announced, shut down its operations Since its launch in late 2022, it has helped scammers plunder more than $70 million worth of cryptocurrency from 103,676 victims.
Web3 anti-fraud solutions provider Scam Sniffer described the vendor in May 2023 as specializing in multi-chain scams and charging a 20% fee on stolen assets.
“It has been a long journey with you and we sincerely thank you [sic],” the actor said in a message posted on his Telegram channel.
“A huge thank you to everyone who has worked with us, like Drakan and all other customers, we hope you will remember us as the best drainers ever and that we successfully helped you make money.”
Key to these services is a cryptocurrency depletion toolkit designed to facilitate cybertheft by illegally transferring cryptocurrency from victim wallets without their consent.
This is often accomplished through airdrops or phishing scams, tricking targets into connecting their wallets to fake websites spread through malvertising schemes or unsolicited emails and messages on social media.
Earlier this month, Scam Sniffer detailed a phishing scam in which fake ads for cryptocurrency platforms on Google and Withdraw funds.
“Users are induced to interact with malicious smart contracts under the guise of receiving airdrops, thereby quietly increasing the attacker’s allowance through functions such as approval or licensing,” Check Point noted.
“Unknowingly, users grant attackers access to their funds, allowing the coins to be stolen without further user interaction. Attackers then use methods such as mixers or multiple transfers to cover their tracks and liquidate the stolen coins. assets.”
To mitigate the risks posed by such scams, users are advised to use hardware wallets for enhanced security, verify the legitimacy of smart contracts, and regularly check wallet limits for any signs of suspicious activity.