Cybersecurity researchers are warning of an increase in phishing attacks that could deplete cryptocurrency wallets.
“These threats are unique in their approach, using crypto wallet evacuation techniques to target a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and about 20 other networks. ,” said Check Point researcher Oded Vanunu, Dikla.Barda and Roman Zaikin Said.
A notable contributor to this alarming trend is a notorious phishing group called Angel Drainer. The group advertises a “fraud-as-a-service” service that charges a percentage of the amount stolen. Usually 20% or 30%provided by its collaborators in return for providing wallet-draining scripts and other services.
From User to Administrator: Learn how hackers gain full control
Discover the secret tactics hackers use to gain control and how to detect and block them before it’s too late. Register for the webinar now.
In late November 2023, a similar wallet draining service known as Inferno Drainer stop operations It will live on forever after helping scammers plunder more than $70 million worth of cryptocurrencies from 103,676 victims since its launch in late 2022.
Web3 Anti-Fraud Solution Provider Scam Sniffer, May 2023; explained This vendor specializes in multi-chain fraud and charges 20% of stolen assets.
“I have traveled a long journey with all of you, and I would like to express my sincere gratitude.” [sic],” actor Said In a message posted on our Telegram channel.
“A big thank you to everyone who has worked with us, including Drakan and all our other customers. I hope you remember that I was successful in helping you in your quest to make money.”
At the core of these services are crypto exfiltration kits designed to facilitate cybertheft by illegally transferring cryptocurrencies from victims’ wallets without their consent.
This is usually done through airdrops or phishing scams that trick the target into connecting their wallet to a fake website. This wallet is spread through malvertising schemes and unsolicited emails and messages on social media.
Earlier this month, Scam Sniffer detailed the following phishing scams: fake advertising Google and X (formerly Twitter) cryptocurrency platforms redirected users to creepy sites and siphoned funds from their digital wallets.
“Users are lured into operating malicious smart contracts under the guise of airdrop claims, which covertly increases the attacker’s permissions through features such as approvals and permissions,” Check Point noted.
“Users can unknowingly grant attackers access to their funds, enabling the theft of tokens without any further user interaction.The attackers can then use a mixer, multiple transfers, etc. methods to cover your tracks and liquidate stolen assets.”
To reduce the risk posed by such scams, users are adopting hardware wallets for added security, verifying the legitimacy of smart contracts, and regularly checking their wallets for signs of suspicious activity. We recommend that you check your tolerance.