Hackers Using Crypto Drainers in Sophisticated Phishing Attacks

The cryptocurrency industry has seen a concerning rise in sophisticated phishing attacks. These campaigns employ a crypto wallet-draining technique and are distinctive in targeting a broad spectrum of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and nearly twenty more.

A cryptocurrency draining kit is built to simplify theft by emptying digital wallets. It relies mostly on phishing to trick victims into entering their wallet information on fake websites.

Crypto drainers, or cryptocurrency stealers, are malicious programs or scripts that steal cryptocurrency from users’ wallets without their permission.

How do Crypto Drainers operate?

Launch of a Malicious Campaign

According to Check Point’s research, attackers create phishing or fake airdrop campaigns, frequently advertised via email or social media, that offer free tokens to entice users.

Deceptive Website

When users try to claim these tokens, they are redirected to a fake website that looks like an official platform for token distribution.

Wallet Connection

Users are asked to connect their wallets to the website, which sets up the next phase of the attack.

Smart Contract Interaction

Under the pretense of claiming an airdrop, the user is tricked into interacting with a malicious smart contract that covertly increases the attacker’s allowance through functions such as approve or permit.

Asset Transfer and Obfuscation

Having unknowingly granted the attacker access to their funds, the user has enabled token theft that requires no further input from them. The attackers then use techniques such as mixers and numerous onward transfers to hide their traces and sell the stolen assets.

Scammer’s strategy involves verifying the existence of a contract

Token holders can authorize a spender, such as a smart contract, to move tokens on their behalf using the permit feature in ERC-20 tokens. Because the approval is carried by a signed message rather than by a transaction the holder sends, the holder needs no on-chain transaction for each approval.
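The permit flow described above is exactly what makes a signature prompt dangerous: the user signs a message off-chain, and whoever holds that signature can later submit it to the token contract. The following added example (not code from the article or from Check Point) inspects the EIP-712 typed data a wallet shows for a permit request and lists the fields a user should look at before signing. The trusted-spender list, chain id, fixed clock and both sample requests are constructed; the only real addresses are the two the article attributes to Angel Drainer.

```python
"""Inspect an EIP-2612 permit request before signing it (added example)."""
import time
from typing import Optional

MAX_UINT256 = 2**256 - 1          # the "unlimited" value drainers ask for

# Constructed placeholders: a spender the owner deliberately uses, and the chain
# the wallet is expected to be on (1 = Ethereum mainnet).
TRUSTED_SPENDERS = {"0x" + "33" * 20}
EXPECTED_CHAIN_ID = 1

# Addresses the article attributes to Angel Drainer (lower-cased for comparison).
KNOWN_DRAINERS = {
    "0x412f10aad96fd78da6736387e2c84931ac20313f",
    "0x0000d38a234679f88dd6343d34e26dcb50c30000",
}


def check_permit(typed_data: dict, now: Optional[int] = None, max_horizon: int = 3600) -> list:
    """Return human-readable risk findings for a permit signature request.

    typed_data is the EIP-712 structure behind an eth_signTypedData_v4 prompt.
    An empty list means none of the checks fired; it is not proof of safety.
    """
    now = int(time.time()) if now is None else now
    primary = typed_data.get("primaryType")
    if primary != "Permit":
        # A prompt dressed up as a permit but signing another struct is itself a red flag.
        return [f"primaryType is {primary!r}, not Permit: the request signs something else"]

    domain, msg = typed_data["domain"], typed_data["message"]
    findings = []
    if int(domain.get("chainId", -1)) != EXPECTED_CHAIN_ID:
        findings.append(f"chainId {domain.get('chainId')} differs from expected {EXPECTED_CHAIN_ID}")

    spender = msg["spender"].lower()
    value = int(msg["value"])          # wallets usually show this as a decimal string
    deadline = int(msg["deadline"])
    if spender in KNOWN_DRAINERS:
        findings.append(f"spender {spender} is a known drainer address")
    elif spender not in TRUSTED_SPENDERS:
        findings.append(f"spender {spender} is not on the trusted list")
    if value == MAX_UINT256:
        findings.append("value is unlimited (2**256-1): the spender could move the entire balance")
    if deadline > now + max_horizon:
        findings.append(f"deadline is {deadline - now} s away: a long-lived signature can be redeemed later")
    return findings


# --- constructed sample requests -------------------------------------------
NOW = 1_700_000_000                    # fixed clock so results are reproducible
OWNER = "0x" + "aa" * 20
TOKEN = "0x" + "11" * 20
DRAINER = "0x412f10aad96fd78da6736387e2c84931ac20313f"


def _permit_request(spender: str, value: int, deadline: int, chain_id: int = 1) -> dict:
    """Build typed data in the shape an EIP-2612 token's permit() expects."""
    return {
        "types": {"Permit": [{"name": "owner", "type": "address"}, {"name": "spender", "type": "address"},
                             {"name": "value", "type": "uint256"}, {"name": "nonce", "type": "uint256"},
                             {"name": "deadline", "type": "uint256"}]},
        "primaryType": "Permit",
        "domain": {"name": "ExampleToken", "version": "1", "chainId": chain_id, "verifyingContract": TOKEN},
        "message": {"owner": OWNER, "spender": spender, "value": str(value), "nonce": 0, "deadline": deadline},
    }


PHISHING_REQUEST = _permit_request(DRAINER, MAX_UINT256, NOW + 10 * 365 * 86400)  # unlimited, ten-year window
LEGIT_REQUEST = _permit_request("0x" + "33" * 20, 500 * 10**18, NOW + 600)        # bounded, ten-minute window

if __name__ == "__main__":
    for label, req in (("phishing", PHISHING_REQUEST), ("legit", LEGIT_REQUEST)):
        print(label, check_permit(req, now=NOW) or ["no findings"])
```

The three fields that matter are spender, value and deadline: a drainer needs a spender it controls, a value large enough to cover the balance, and a deadline far enough out to redeem the signature at leisure. Wallet software that surfaces these three plainly, rather than an opaque hash, removes most of the trick.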

The Growing Risk of Phishing Attacks Using Crypto Drainers

Researchers discovered two recurring addresses, 0x412f10aad96fd78da6736387e2c84931ac20313f and 0x0000d38a234679F88dd6343d34E26DCB50C30000, which are known as the Angel Drainer addresses.

“Angel Drainer” describes a well-known phishing group specializing in cyberattacks, especially in the cryptocurrency industry. The group has been linked to a number of criminal operations, such as draining cryptocurrency wallets through sophisticated phishing scams.

Vigilance, backed by the right tooling, is the key to preventing these phishing attacks. It is recommended that users:

  • Be skeptical of airdrop claims, especially those that require wallet interaction.
  • Understand the implications of approving transactions or signing messages in their wallets.
  • Verify the legitimacy of smart contracts before interacting with them.
  • Limit the use of high allowances or regularly review and revoke them using blockchain explorers or wallet interfaces.
  • Employ hardware wallets for enhanced security, especially for substantial holdings.
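The fourth recommendation, reviewing and revoking allowances, can be done from the chain's own event log. The following added example (not code from the article or from Check Point) replays ERC-20 Approval events for one wallet, flags allowances that are unlimited or granted to a known drainer address, and builds the calldata for the approve(spender, 0) transaction that revokes them. The event and selector layout follows the ERC-20 standard; the sample logs and all addresses except the two the article names are constructed.

```python
"""Audit ERC-20 allowances from Approval logs and build revoke calldata (added example)."""

# keccak256("Approval(address,address,uint256)"): topic0 of every ERC-20 Approval event
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
APPROVE_SELECTOR = "0x095ea7b3"   # 4-byte selector of approve(address,uint256)
MAX_UINT256 = 2**256 - 1          # the "unlimited" allowance many dApps request

KNOWN_DRAINERS = {                # addresses the article attributes to Angel Drainer
    "0x412f10aad96fd78da6736387e2c84931ac20313f",
    "0x0000d38a234679f88dd6343d34e26dcb50c30000",
}

# Constructed placeholder actors for the sample data.
OWNER = "0x" + "aa" * 20
TOKEN1 = "0x" + "11" * 20
TOKEN2 = "0x" + "22" * 20
DEX = "0x" + "33" * 20            # a spender the owner deliberately uses
OTHER = "0x" + "44" * 20
DRAINER = "0x412f10aad96fd78da6736387e2c84931ac20313f"


def _topic(addr: str) -> str:
    """Left-pad an address to the 32-byte word an indexed event argument occupies."""
    return "0x" + addr[2:].lower().rjust(64, "0")


def _approval_log(token, owner, spender, value, block, idx) -> dict:
    """Constructed log entry in the shape eth_getLogs returns."""
    return {"address": token, "topics": [APPROVAL_TOPIC, _topic(owner), _topic(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": block, "logIndex": idx}


SAMPLE_LOGS = [
    _approval_log(TOKEN1, OWNER, DEX, 1000 * 10**18, 100, 0),      # bounded, intended
    _approval_log(TOKEN1, OWNER, DRAINER, MAX_UINT256, 101, 3),    # the phishing approval
    _approval_log(TOKEN2, OWNER, OTHER, MAX_UINT256, 102, 1),      # unlimited ...
    _approval_log(TOKEN2, OWNER, OTHER, 0, 103, 0),                # ... later revoked
    _approval_log(TOKEN1, "0x" + "bb" * 20, DRAINER, MAX_UINT256, 104, 0),  # another wallet
    {"address": TOKEN1, "topics": [TRANSFER_TOPIC, _topic(OWNER), _topic(DEX)],  # not an Approval
     "data": "0x" + format(5 * 10**18, "064x"), "blockNumber": 105, "logIndex": 0},
]


def decode_approval(log: dict):
    """Decode one Approval log; return None for any other event."""
    if log["topics"][0].lower() != APPROVAL_TOPIC:
        return None
    return {
        "token": log["address"].lower(),
        "owner": "0x" + log["topics"][1][-40:].lower(),
        "spender": "0x" + log["topics"][2][-40:].lower(),
        "value": int(log["data"], 16),
        "order": (log["blockNumber"], log["logIndex"]),
    }


def current_allowances(logs: list, owner: str) -> dict:
    """Replay Approval logs in chain order; the latest approval per (token, spender) wins.

    Caveat: transferFrom lowers an allowance without necessarily emitting Approval,
    so this is an upper bound. The authoritative figure is the token's
    allowance(owner, spender) view, which wallets and explorers query on-chain.
    """
    events = sorted((e for e in map(decode_approval, logs) if e), key=lambda e: e["order"])
    allowances = {}
    for ev in events:
        if ev["owner"] == owner.lower():
            allowances[(ev["token"], ev["spender"])] = ev["value"]
    return {k: v for k, v in allowances.items() if v > 0}


def risky_allowances(allowances: dict) -> list:
    """Flag allowances granted to a known drainer or of unlimited size."""
    flagged = []
    for (token, spender), value in allowances.items():
        reasons = []
        if spender in KNOWN_DRAINERS:
            reasons.append("spender is a known drainer address")
        if value == MAX_UINT256:
            reasons.append("allowance is unlimited")
        if reasons:
            flagged.append({"token": token, "spender": spender, "value": value, "reasons": reasons})
    return flagged


def revoke_calldata(spender: str) -> str:
    """ABI-encode approve(spender, 0): selector + two 32-byte words.

    Sent by the owner to the token contract, this transaction sets the allowance to zero.
    """
    return APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64


if __name__ == "__main__":
    for item in risky_allowances(current_allowances(SAMPLE_LOGS, OWNER)):
        print(item["token"], item["spender"], item["reasons"])
        print("  revoke tx data:", revoke_calldata(item["spender"]))
```

Replaying logs is what allowance-review dashboards do under the hood; the revocation itself is just an ordinary approve call with a zero value, sent to the token contract, one per (token, spender) pair. Because an unlimited allowance never shrinks on its own, the audit is worth repeating whenever a wallet has been connected to an unfamiliar site.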

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.