Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.
"These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu, Dikla Barda, and Roman Zaikin said.
A prominent contributor to this trend is a phishing group called Angel Drainer, which advertises a "scam-as-a-service" offering: in return for wallet-draining scripts and other services, it charges its collaborators a percentage of the stolen amount, typically 20% or 30%.
In late November 2023, a similar wallet-draining service known as Inferno Drainer announced that it was shutting down its operations for good after helping scammers plunder over $70 million worth of crypto from 103,676 victims since its launch in late 2022.
Web3 anti-scam solution provider Scam Sniffer, in May 2023, described the vendor as specializing in multi-chain scams and charging 20% of the stolen assets.
"It has been a long ride with all of you and we'd like to thank you from heart [sic]," the actor said in a message posted on its Telegram channel.
"A big thanks to everyone who has worked with us such as Drakan and every other customer, we hope you can remember us as the best drainer that has ever existed and that we succeeded in helping you in the quest of making money."
At the crux of these services is a crypto-draining kit built to move cryptocurrency out of victims' wallets without their consent.
This is typically accomplished via airdrop or phishing scams, tricking targets into connecting their wallets on counterfeit websites that are propagated via malvertising schemes or unsolicited emails and messages on social media.
Earlier this month, Scam Sniffer detailed a phishing scam in which bogus ads for cryptocurrency platforms on Google and X (formerly Twitter) redirected users to sketchy sites that drained funds from users' digital wallets.
"The user is induced to interact with a malicious smart contract under the guise of claiming the airdrop, which stealthily increases the attacker's allowance through functions like approve or permit," Check Point noted.
"Unknowingly, the user grants the attacker access to their funds, enabling token theft without further user interaction. Attackers then use methods like mixers or multiple transfers to obscure their tracks and liquidate the stolen assets."
To mitigate the risks posed by such scams, users are advised to use hardware wallets, verify the legitimacy of any smart contract before interacting with it, read what a wallet prompt actually asks them to approve or sign, and periodically review their token allowances, revoking any granted to an unfamiliar spender.
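The approve/permit mechanism Check Point describes, and the "review your allowances" advice above, can both be turned into a concrete check. The following is example code written for this page, not code from Check Point, Scam Sniffer or the article: a pre-signing inspector that a wallet or browser extension could run on what a dApp asks the user to sign, plus a reviewer for an exported allowance list. It assumes plain Node.js with no web3 library, the standard ERC-20/ERC-721 4-byte selectors for approve, increaseAllowance and setApprovalForAll, and the EIP-712 "Permit" message shape used by EIP-2612; the attacker and owner addresses, the sample calldata and the sample allowance list are constructed for the example.

```javascript
// Example code for this page, not from Check Point or the article. Inspects
// what a dApp asks a wallet to sign: raw calldata (eth_sendTransaction) and
// EIP-712 typed data (eth_signTypedData_v4, how an EIP-2612 permit is signed).
// Plain Node.js, no web3 library; addresses and samples below are constructed.

const MAX_UINT256 = (1n << 256n) - 1n;

// 4-byte selectors = first 4 bytes of keccak256(canonical signature).
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",           // ERC-20 and ERC-721
  "39509351": "increaseAllowance(address,uint256)", // OpenZeppelin ERC-20
  "a22cb465": "setApprovalForAll(address,bool)",    // ERC-721 / ERC-1155
};

// i-th 32-byte ABI word after the 4-byte selector, as a 64-char hex string.
const word = (hex, i) => hex.slice(8 + 64 * i, 8 + 64 * (i + 1));
const asAddress = (w) => "0x" + w.slice(24); // address = last 20 bytes of the word
const asUint = (w) => BigInt("0x" + w);

// Rate an approval: an unlimited (or blanket) allowance to a spender the user
// has not vetted is exactly what a drainer needs, so that is "high".
function rateApproval(fn, spender, amount, trustedSpenders = []) {
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  const unlimited = fn.startsWith("setApprovalForAll")
    ? amount === 1n               // bool true: every token the owner holds
    : amount === MAX_UINT256;     // the usual "infinite approval"
  let risk = "low";
  if (!trusted.has(spender.toLowerCase())) risk = unlimited ? "high" : "medium";
  return { fn, spender, amount, unlimited, risk };
}

function inspectCalldata(data, trustedSpenders = []) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const fn = APPROVAL_SELECTORS[hex.slice(0, 8)];
  // Not an approval (e.g. a plain transfer), or too short for two ABI words.
  if (!fn || hex.length < 8 + 128) return { fn: null, risk: "low" };
  // All three approval functions take (spender, amount-or-bool) in that order.
  return rateApproval(fn, asAddress(word(hex, 0)), asUint(word(hex, 1)), trustedSpenders);
}

// An EIP-2612 Permit message carries owner/spender/value/nonce/deadline. Signing
// it is an approval that costs the victim no gas and appears in no transaction
// list until the attacker submits permit() themselves.
function inspectTypedData(typedData, trustedSpenders = []) {
  const td = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  if (td.primaryType !== "Permit" || !td.message) return { fn: null, risk: "low" };
  const m = td.message;
  return rateApproval("permit (EIP-2612 typed data)", String(m.spender), BigInt(m.value), trustedSpenders);
}

// Periodic allowance review: entries as exported from an explorer or an
// allowance-checker, {token, spender, allowance}; returns the ones to revoke.
function reviewAllowances(entries, trustedSpenders = []) {
  return entries
    .map((e) => ({ token: e.token, ...rateApproval("approve(address,uint256)", e.spender, BigInt(e.allowance), trustedSpenders) }))
    .filter((r) => r.risk !== "low");
}

// Constructed sample: approve(ATTACKER, 2**256-1), as a drainer's "claim
// airdrop" button would submit it (the token address is the tx `to` field).
const ATTACKER = "0x000000000000000000000000000000000000dead";
const SAMPLE_APPROVE = "0x095ea7b3" + ATTACKER.slice(2).padStart(64, "0") + "f".repeat(64);

const SAMPLE_PERMIT = {
  primaryType: "Permit",
  domain: { name: "Token", version: "1", chainId: 1 },
  message: {
    owner: "0x1111111111111111111111111111111111111111",
    spender: ATTACKER,
    value: MAX_UINT256.toString(),
    nonce: 0,
    deadline: "99999999999",
  },
};

const SAMPLE_ALLOWANCES = [
  { token: "0x2222222222222222222222222222222222222222", spender: "0x3333333333333333333333333333333333333333", allowance: "1000" },
  { token: "0x2222222222222222222222222222222222222222", spender: ATTACKER, allowance: MAX_UINT256.toString() },
];

console.log(inspectCalldata(SAMPLE_APPROVE));
console.log(inspectTypedData(SAMPLE_PERMIT));
console.log(reviewAllowances(SAMPLE_ALLOWANCES, ["0x3333333333333333333333333333333333333333"]));
```

The point of splitting calldata and typed-data inspection is that the two paths look different to the user: an approve() shows up as a transaction to the token contract, while a permit signature is a gas-free "sign this message" prompt that many users do not read as an approval at all. Treating the spender allowlist as the only thing that lowers the risk, rather than the amount alone, reflects how drainers work: they need a spender they control, not necessarily an unlimited amount.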