There’s a new way to steal cryptocurrency wallets. Threat actors have begun selling ready-made phishing pages loaded with “crypto drainer” scripts that crack wallets and steal assets in a snap. Cryptocurrency users should be alert to these attacks, especially those who use social media or don’t enable 2FA or MFA on their accounts. To be safe, consider using a hardware wallet that stores private keys offline and out of reach.
What Is A Crypto Drainer?
Crypto Drainers are malicious services that aim to empty an unsuspecting user’s wallet. This type of malware is a growing threat in the crypto space and has been responsible for scamming users out of millions of dollars in digital assets. Unlike ransomware, which requires substantial coding skills, crypto drainer are easy to design and use for would-be criminals. Security researchers at Recorded Future warn that new services such as Pink Drainer are staking their claim in the market. They have reportedly been targeting Discord users by pretending to be NFT airdrop and giveaway organizers and are luring them to phishing pages with promises of free tokens.
Once the phishing page is loaded, the malware begins executing transactions that siphon crypto assets from the victim’s wallet. The attacker can then use the stolen funds to purchase more NFTs on the Dark Web. The attackers then sell or rent these stolen NFTs for profit. Using drainer malware is a crime, and anyone caught doing so could face serious legal consequences.
How Does A Crypto Drainer Work?
In order to steal a victim’s cryptocurrency, the attacker needs access to their wallet private key. A drainware attack typically involves some kind of phishing or impersonation fraud to get the victim to enter their mnemonic phrase into a fake wallet. Once the malicious software has access to a victim’s wallet, it begins to transfer assets from their wallet to the attacker’s. This can be as simple as a direct transfer of funds or it can involve stealing the rights to manage assets from the victim by hijacking their wallet’s smart contract.
As crypto drainer malware continues to rise, security experts are concerned that criminals who may not have the technical know-how for ransomware attacks will be able to deploy these scams at scale. As a result, we could see attacks like Pink, Inferno, Pussy, and Venom wreak havoc on the crypto world in 2024. The good news is that users can protect themselves from these kinds of threats by implementing rigorous security practices and maintaining vigilance against phishing attacks.
How Do Crypto Drainers Steal Funds?
Crypto drainers are a new breed of malware that trick unsuspecting cryptocurrency investors by taking the digital assets in their wallets. They work similarly to e-skimmer scams by stealing private keys and then executing transfers of stolen funds. According to Recorded Future, cybercriminals use crypto drainers on phishing pages that imitate popular crypto services and extensions. They entice victims to link their wallets by offering free token airdrops or rewards for minting non-fungible tokens (NFTs).
The popularity of drainers is increasing because they’re easier and cheaper to make than ransomware. Additionally, cybercriminals are focusing on these threats as they’re “more effective in securing the valuable assets of newcomers to the crypto world,” Volovik says. While the threat of phishing attacks is real, consumers can protect their wallets by conducting research and verifying suspicious platforms. They can also follow security best practices and report phishing sites when necessary. If you have questions or concerns about a specific cryptocurrency, contact the platform directly through official channels.
Are Crypto Drainers A Scam?
Crypto drainers are becoming increasingly popular for threat actors, and their low barrier to entry is alarming cybersecurity researchers. They are simple to deploy and do not require an in-depth knowledge of cryptocurrencies to execute at scale. A cryptocurrency drainer uses a flaw in the way that wallets work, allowing it to steal funds without having to authorize transactions on-chain. When users send crypto from their wallet to another, the transfer is signed with their private key. This allows the malware to copy and move crypto from a victim’s wallet to its own.
Recorded Future analyzed a ready-to-go crypto drainer phishing page advertised on a top-tier dark web forum, which lures unsuspecting victims into connecting their wallets to the site in exchange for the opportunity to mint NFTs. The malware then siphons available crypto and NFTs from the victims’ wallets. The attack was reminiscent of NFT airdrops, a common scam in the crypto sphere that led to significant losses in digital assets for unsuspecting users in 2022. These types of attacks may increase in the future, as threat actors exploit a combination of social engineering and Web3 phishing to fool individuals into linking their wallets with fake protocols.
Conclusion
Cryptocurrency investors are a favorite target of phishers. One notorious example, spotted by Recorded Future, saw 14 Bored Ape NFTs stolen from a victim’s wallet after he signed a transaction on an illegitimate phishing site called Unemployd.
