Unmasking the Crypto Wallet Drainers: A $58M Trail of Deception
Cryptocurrency fraudsters have preyed on unsuspecting victims in a spree of wallet-draining scams, netting approximately $58 million over the past year. These elusive criminals have employed various tactics, from phishing ads on Google to exploiting weaknesses in social media platforms, leaving ordinary users exposed to substantial financial losses.
The Rise of Wallet Drainers
Wallet drainers, as these cybercriminals are aptly named, have witnessed a surge in their nefarious activities, with their exploits extending across various mediums, including phishing ads, supply chain attacks, Discord phishing, SimSwap attacks, DNS attacks, and email phishing. These tactics have been employed with alarming frequency, targeting everyday users and causing significant financial damage.
One specific wallet drainer stands out for its extensive use in phishing ads, initially discovered within Google search ad phishing campaigns. Later, it was unearthed in a set of X phishing ads shared by the vigilant ZachXBT. A recent sampling test of ads on the X platform revealed that nearly 60% of phishing ads employed this same wallet drainer.
Google Search Ad Phishing
The first detection of this malicious actor occurred in March, followed by the SlowMist team sharing their findings in early April. It reared its head in late April in Google search ad phishing campaigns. Some unsuspecting individuals were lured into these malicious ads, resulting in financial losses. Notably, a counterfeit Radiant ad was identified as one of the culprits.
X Ads
Towards the end of June, ZachXBT shared a collection of X phishing ads known as “Ordinal Bubbles.” Upon analysis, it became evident that these ads all had one thing in common—the same wallet drainer. A recent test of X’s ad feed unveiled a startling statistic: six out of nine phishing ads were utilising this wallet drainer, constituting over 60% of the total.
Evasion Techniques and Deceptive Tactics
To make matters worse, these phishing ads employed various techniques to bypass ad audits. They meticulously targeted specific regions, ensuring that users from other areas encountered seemingly innocuous websites when clicking on the links. This deception complicated the ad audit process significantly.
Additionally, redirect deception was a favoured tactic, with the phishing ads appearing to originate from official domains while ultimately leading victims to fraudulent sites. This cunning approach made it difficult for users to discern the authenticity of the advertisements they encountered.
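The redirect deception described above can be surfaced by following an ad's redirect chain and comparing the final landing host with the domain the ad displays. The following is an added example, not code from the original article or from Scam Sniffer; the redirect table and domain names are constructed placeholders standing in for live HTTP Location headers.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed (hypothetical) redirect table standing in for live HTTP responses:
# each key maps to the Location header that URL would answer with; None means
# the URL is a final landing page. All domains are placeholders.
REDIRECTS = {
    "https://official-project.example/promo": "https://trk.ad-network.example/c?id=42",
    "https://trk.ad-network.example/c?id=42": "https://officia1-project.example/claim",
    "https://officia1-project.example/claim": None,
    "https://official-project.example/docs": "https://docs.official-project.example/",
    "https://docs.official-project.example/": None,
}

@dataclass
class AdCheck:
    display_host: str   # host shown in the ad (where the click appears to go)
    final_host: str     # host actually reached after all redirects
    hops: list          # every URL visited, in order
    suspicious: bool    # True when the final host is not the display host or a subdomain of it

def same_site(host, display_host):
    """True if host is the display domain itself or a subdomain of it."""
    return host == display_host or host.endswith("." + display_host)

def follow_chain(url, resolver=REDIRECTS.get, max_hops=10):
    """Walk Location headers until a final page is reached; refuse loops and overlong chains."""
    hops = [url]
    for _ in range(max_hops):
        nxt = resolver(hops[-1])
        if nxt is None:
            return hops
        hops.append(nxt)
    raise ValueError("redirect loop or chain too long: " + " -> ".join(hops))

def check_ad(display_url, resolver=REDIRECTS.get):
    """Flag an ad whose visible domain differs from the host it finally lands on."""
    hops = follow_chain(display_url, resolver)
    display_host = urlparse(display_url).hostname
    final_host = urlparse(hops[-1]).hostname
    return AdCheck(display_host, final_host, hops, not same_site(final_host, display_host))
```

Against live ads the resolver would issue requests from the targeted region, since region-specific cloaking (the first evasion described above) otherwise returns the innocuous page.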
The Grim Reality: Phishing Sites and Theft
Over the past nine months, a staggering 10,072 phishing sites linked to this wallet drainer have been monitored. Disturbingly, specific periods, notably in May, June, and November, saw significant spikes in activity. A comprehensive analysis of on-chain data associated with the drainer has estimated that approximately $58.98 million was stolen from an unfortunate total of 63,210 victims.
The impact on individual victims has been dire, with some losing substantial sums. Notably, one victim (0x13e382dfe53207e9ce2eeeab330f69da2794179e) suffered a devastating loss of $24 million in September, as previously reported.
The Enigmatic Drainer
What sets this particular wallet drainer apart is its unique approach to distribution. Unlike its counterparts, which are fully managed and levy a 20% fee, this drainer is sold as source code, with additional value-added modules offered separately. This approach allows for customisation; for example, a module that adds malicious Blur signatures for phishing is available for an additional fee.
Conclusion: A Call to Action
This alarming rise in wallet-draining scams underscores the pivotal role advertising plays in enabling phishing scammers to target victims effectively. By exploiting specific audience demographics through Google search terms and platforms like X, these criminals can select their targets and launch relentless phishing campaigns at minimal cost.
Given the utilisation of domain spoofing and evasion of ad reviews, users are constantly at risk of falling victim to phishing threats. Ad platforms must enhance their verification processes to thwart malicious actors seeking to exploit their services.
As users, our vigilance is paramount. It is imperative to exercise caution when encountering advertisements, adopt a sceptical approach before engaging with them, and always verify any transaction’s legitimacy. In a world where cryptocurrency scams loom large, staying safe requires constant vigilance.
About Scam Sniffer
Scam Sniffer is a dedicated anti-scam platform that combines off-chain and on-chain monitoring data to offer real-time protection for Web3 users. With a commitment to ensuring the safety of the next billion users in the Web3 landscape, Scam Sniffer has been instrumental in safeguarding well-known platforms from fraudulent activities.