Crypto drainer is a new phishing tool that enables cybercriminals to steal wallets with little effort. Unlike ransomware, it does not require sophisticated coding skills to design and deploy. Users should be vigilant against these scams and ensure that their social media accounts have 2FA enabled. Additionally, they should use hardware wallets to store significant amounts of cryptocurrency assets.
They Spoof Exchanges And Wallets.
Crypto wallet drainers are malware that is designed to transfer cryptocurrencies from an individual’s wallet to the attacker’s without the owner’s consent. They can do this by spoofing popular cryptocurrency resources and services. This enables them to create and execute malicious transactions or smart contracts that siphon off valuable assets quickly and efficiently.
A recent example of this type of attack involved a threat actor listing a ready-to-go phishing page on a top-tier dark web forum that enticed unsuspecting victims to connect their wallets. The phishing site claimed to offer free airdrops and coin giveaways, as well as the ability to mint non-fungible tokens (NFTs). Once a victim connected their wallet, drainers automatically siphoned off all of their available cryptocurrency and NFTs.
Today’s crypto drainer are automated and sophisticated. They use obfuscated JavaScript to evade anti-virus programs and block security holes, making them difficult to detect for most users. Additionally, they rely on social engineering tactics to trick victims into connecting their wallets and authorizing transactions.
They Rely On Social Engineering.
Crypto drainers differ from generic information stealer malware because they are primarily used to harvest cryptocurrency wallets and associated exchange accounts. They rely on social engineering to gain access to such data and are usually offered in the form of a script for the cybercriminal buyer or already embedded into phishing pages. They are also frequently advertised in underground markets and Telegram channels. Threat actors are increasingly targeting individuals and organisations that own or store crypto assets. They may spoof websites and offer “airdrops” or “coin giveaways” on X, Discord crypto channels and other popular Web3 protocols like Seaport, MetaMask, Trust Wallet and WalletConnect to trick unsuspecting victims into connecting their wallets to these malicious scripts.
Once connected, these malicious scripts empties the victim’s wallet of all their stored crypto assets. As a result, they often cause significant losses for unsuspecting individuals and companies. In a particularly egregious case in 2023, four drainers spoofed a top-tier darknet forum and claimed to mint non-fungible tokens (NFTs) for its victims, resulting in a total loss of $66.4 million.
They Are A Form Of Ransomware.
Crypto drainers work by unlawfully transferring cryptocurrencies from a victim’s wallet to one controlled by an attacker. They do this via phishing attacks, malicious smart contracts, and more. They can also obfuscate transactions to make them more difficult to trace. Malware that targets wallet services and extensions, such as MetaMask or Coinbase, is the most common. They also spoof popular exchanges and non-fungible token (NFT) platforms.
These attacks are highly profitable, according to Recorded Future. That’s why threat actors are increasingly interested in them. Some have even created “drainer-as-a-service” offerings, allowing less technically adept users to carry out these thefts with pre-made tools. These threats are particularly dangerous for newer cryptocurrency investors, who may be more prone to phishing scams than those who have been holding their assets for longer periods of time. As a result, it’s important to use a hardware wallet to store your cryptocurrency and keep your private keys safe. This is the best way to protect yourself from the most serious crypto hacks.
They Are A Scam.
Crypto drainers are a threat to cryptocurrency users. They spoof a range of legitimate services and can easily pass an otherwise savvy user’s “scam litmus test.” In addition, they target the most popular wallets in the cryptocurrency industry, including MetaMask, Safe Wallet, Coinbase, and WalletConnect. The victims are enticed to connect their wallets on these sites, thinking that they will receive free NFTs or other rewards, and then asked to sign a transaction to transfer their assets to the scammers’ own wallets. This is what allows the malware to steal their coins and tokens.
Drainers are becoming more common because they can be used by less sophisticated cyber criminals than ransomware. They are also cheaper to acquire and operate. As a result, they pose a major threat to the security of the entire blockchain industry. To avoid falling victim to a crypto drainer, it is important to use hardware wallets and to follow best practices like safeguarding seed phrases and using strong passwords.
Conclusion
Crypto investors are becoming a prime target for cybercriminals who can now offer phishing-as-a-service. The latest trend is “crypto drainers”, ready-to-deploy scripts that crack wallets and steal balances. Threat actors have been using accounts hacked from high-profile brands on X, Discord and Telegram to distribute phishing links that lead to websites hosting drainers. The operators take a cut of the stolen funds.
