Cybersecurity experts are sounding the alarm on a disturbing rise in phishing scams specifically designed to drain cryptocurrency wallets. This new wave of threats is sophisticated, targeting a wide array of blockchain networks such as Ethereum, Binance Smart Chain, Polygon, Avalanche, and many others.
Researchers Oded Vanunu, Dikla Barda, and Roman Zaikin from Check Point highlight the ingenious methods employed by these scams, including a wallet-draining technique that's alarmingly effective.
A key player in this sinister landscape is the Angel Drainer group, which has been promoting a ‘scam-as-a-service’ model. They charge a substantial cut – usually 20-30% – from their partners in crime for providing wallet-draining scripts and related services.
The Rise and Fall of Inferno Drainer
In late November 2023, a similar service called Inferno Drainer announced the end of its operations. It had played a significant role in helping scammers steal over $70 million in crypto from more than 100,000 victims since its inception in late 2022.
Scam Sniffer, a Web3 anti-scam solution provider, described this vendor as a specialist in multi-chain scams, also charging a 20% fee on the stolen assets.
The Mechanics of the Scams
At the heart of these operations is a crypto-draining kit, designed to illegally transfer cryptocurrency from unsuspecting victims' wallets. These schemes often involve airdrops or phishing, luring targets to fake websites spread through malicious advertising or unsolicited messages on social media.
An instance of such a scam was detailed by Scam Sniffer earlier this month. It involved fraudulent cryptocurrency platform ads on Google and X (formerly Twitter), redirecting users to sites that siphoned off funds from their digital wallets.
The Invisible Threat
Victims are tricked into interacting with malicious smart contracts, thinking they are claiming an airdrop. This interaction inadvertently increases the attacker's allowance via functions like 'approve' or 'permit', unknowingly granting them access to the funds. The attackers then use mixers or multiple transfers to hide their tracks and liquidate the stolen assets.
Staying Safe
To combat these risks, users are advised to use hardware wallets for better security, verify the legitimacy of smart contracts, and regularly check wallet allowances for any unusual activity. Vigilance and informed caution are key in navigating the treacherous waters of the cryptocurrency world, where such scams are becoming increasingly common and sophisticated.
Comments