Innovative Scam-as-a-Service Model Fuels Surge in Crypto Wallet Attacks
Cybersecurity experts are sounding the alarm as phishing attacks capable of draining cryptocurrency wallets are on the rise. These threats represent a new breed of cybercrime that targets multiple blockchain networks, including Ethereum, Binance Smart Chain, Polygon, Avalanche, and nearly 20 others, using a technique known as crypto wallet-draining. Researchers from Check Point, including Oded Vanunu, Dikla Barda, and Roman Zaikin, are issuing a strong warning about this disturbing trend.
Angel Drainer: Leading the Pack
At the forefront of this concerning trend is a notorious phishing group known as Angel Drainer. This group is boldly offering a “scam-as-a-service” model, charging a percentage, often 20% or 30%, of the stolen amount as compensation for their services. In this arrangement, they provide wallet-draining scripts and other essential tools for cybercriminals.
Inferno Drainer Shuts Down After Looting Millions
In late November 2023, another similar service called Inferno Drainer made headlines by announcing the end of its operations. This decision followed its involvement in the theft of over $70 million worth of cryptocurrencies from 103,676 victims since its launch in late 2022. Scam Sniffer, a Web3 anti-scam solution provider, described Inferno Drainer as specializing in multi-chain scams and charging 20% of the stolen assets.
In a farewell message posted on its Telegram channel, an actor from Inferno Drainer thanked its collaborators and customers, signifying the end of an era for one of the most prolific crypto wallet-draining services.
The Anatomy of Crypto Wallet-Draining Services
At the heart of these services is a crypto-draining kit specifically designed to facilitate cryptocurrency theft by transferring funds from victims’ wallets without their knowledge or consent. This malicious act is typically achieved through airdrop or phishing scams. Cybercriminals trick their targets into connecting their wallets to counterfeit websites, often promoted through malvertising schemes or unsolicited emails and messages on social media.
A Rising Threat: Google and X (formerly Twitter) Phishing Scam
Earlier this month, Scam Sniffer uncovered a phishing scam where fraudulent advertisements for cryptocurrency platforms on Google and X (formerly Twitter) redirected users to suspicious websites that siphoned funds from their digital wallets. In this particular scheme, users were lured by the false promise of an airdrop into interacting with a malicious smart contract, which surreptitiously increased the attacker’s allowance through functions like “approve” or “permit.” Unbeknownst to the user, this granted the attacker access to their funds, allowing for token theft without any further interaction. To further cover their tracks, attackers employed methods like mixers or multiple transfers before liquidating the stolen assets.
Protecting Yourself Against Crypto Wallet Attacks
To safeguard against these increasingly sophisticated scams, users are strongly advised to take several precautions:
- Use Hardware Wallets: Consider using hardware wallets to store your cryptocurrencies securely. These devices offer enhanced protection compared to software wallets.
- Verify Smart Contracts: Before interacting with any smart contract or airdrop, double-check its legitimacy. Ensure that it is from a trusted source.
- Review Wallet Allowances: Periodically review your wallet allowances to detect any suspicious activity. Unauthorized changes in permissions could be a sign of an impending attack.
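The allowance grants described above (an “approve” or “permit” call that raises a spender’s allowance) can be recognized in a transaction’s raw calldata before it is signed. The Python below is an added example, not code from Scam Sniffer or Check Point: it decodes calldata and flags allowance grants to spenders outside a user-supplied list. The function names, the trusted-spender set and the sample calldata are assumptions constructed for illustration.

```python
"""Added example: flag ERC-20 allowance grants in raw EVM calldata."""
from typing import Optional

# Selectors: first 4 bytes of keccak256 of the function signature.
APPROVE = "095ea7b3"  # approve(address spender, uint256 amount)
PERMIT = "d505accf"   # EIP-2612 permit(owner, spender, value, deadline, v, r, s)
MAX_UINT256 = 2**256 - 1

def _word(data: bytes, i: int) -> bytes:
    """Return the i-th 32-byte ABI argument after the 4-byte selector."""
    word = data[4 + 32 * i: 4 + 32 * (i + 1)]
    if len(word) != 32:
        raise ValueError("calldata truncated")
    return word

def _address(word: bytes) -> str:
    """ABI addresses are left-padded with 12 zero bytes."""
    if any(word[:12]):
        raise ValueError("address word has non-zero padding")
    return "0x" + word[12:].hex()

def inspect_calldata(calldata_hex: str, trusted_spenders: set) -> Optional[dict]:
    """Decode approve/permit calldata; return None for any other call."""
    raw = calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex
    data = bytes.fromhex(raw)
    # Argument positions of (spender, amount) differ between the two functions.
    layout = {APPROVE: ("approve", 0, 1), PERMIT: ("permit", 1, 2)}
    if data[:4].hex() not in layout:
        return None
    name, spender_i, amount_i = layout[data[:4].hex()]
    spender = _address(_word(data, spender_i))
    amount = int.from_bytes(_word(data, amount_i), "big")
    trusted = {s.lower() for s in trusted_spenders}
    return {
        "function": name,
        "spender": spender,
        "amount": amount,
        "unlimited": amount == MAX_UINT256,
        # amount == 0 is a revocation, so it is never flagged.
        "warn": amount > 0 and spender not in trusted,
    }

# Constructed sample (not from the article): approve(<made-up spender>, 2**256 - 1)
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE = "0x" + APPROVE + SAMPLE_SPENDER[2:].rjust(64, "0") + "f" * 64

if __name__ == "__main__":
    print(inspect_calldata(SAMPLE, trusted_spenders=set()))
```

An EIP-2612 permit is usually signed off-chain as typed data and submitted later by the spender, so the same spender and value check applies to the signature request a wallet displays.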
The rise of Scam-as-a-Service operations highlights the need for heightened vigilance within the cryptocurrency community. As cybercriminals continue to evolve their tactics, users must stay informed and take proactive steps to protect their digital assets.