Blockchain sleuth zachxbt was able to coordinate with the project to organize a community governance vote to burn the stolen tokens before the attacker was able to cash out. Although this doesn't return the stolen funds to their original owner, it at least keeps the attacker from profiting.
"The AI Protocol" burns tokens after holder suffers $4.3 million theft
Someone who held over 111.6 million ALI tokens from a project called The AI Protocol was phished by someone using a wallet drainer service using a permit phishing technique. The tokens were priced at around $4.3 million.
MailerLite hack enables over $700,000 in crypto phishing thefts
After hackers gained access to various accounts on the MailerLite email marketing software via a social engineering attack on an employee, they were able to send malicious phishing emails that appeared as though they had been genuinely sent from companies including the CoinTelegraph crypto media outlet and the crypto firms Wallet Connect, Token Terminal, SocialFi, and De.Fi.
The emails appeared to announce airdrops and exclusive offers from those companies, and recipients were invited to connect their wallets to claim tokens. Those wallets were then drained.
The attackers stole a variety of cryptocurrencies, and some outlets have reported the theft has totalled more than $3.3 million. However, because a substantial amount of that number comes from the illiquid Xbanking token, the actual liquid value of the tokens is likely closer to $700,000. The attackers have begun mixing the stolen funds through the Railgun privacy service.
- "MailerLite confirms hack that led to $3.3M crypto-phishing email attacks", CoinTelegraph [archive]
- "Coordinated crypto hack and phishing campaign floods investor emails: Alert", CoinTelegraph [archive]
- "Mailer Lite hacker impersonates crypto firms, draining $600,000 with phishing emails", The Block [archive]
Wallet gets phished for $4.4 million
Someone had a not so fun end to the year when they fell victim to a phishing attack and had around 275,700 LINK drained from their crypto wallet. Those tokens are priced at around $4.4 million.
The attack was perpetrated by the Pink Drainer group, which had recently compromised the Twitter account of Compound Finance to try to lure its more than 250,000 followers into authorizing the malicious drainer. It's not clear if that's how this wallet was drained, however, as Pink Drainer uses numerous strategies to attract victims.
New wallet drainer steals almost $60 million in 9 months
A new wallet drainer tool has stolen $58.98 million in cryptocurrency assets from more than 63,000 victims in the past nine months. People using the drainer software have pulled in victims by running ads on Twitter and through Google ads, employing various tricks to thwart ad reviewers trying to thwart malicious ads on their platforms.
Wallet drainer steals more than $60 million in six months
A wallet drainer service has facilitated the theft of more than $60 million in various assets from almost 100,000 victims since May 2023. According to research group ScamSniffer, the drainer has recently started using functionality in the Ethereum network called
CREATE2 to generate new addresses for each malicious signature. This allows the drainer to sidestep security alerts built into some crypto wallet software that would flag known malicious addresses.ScamSniffer identified one victim who lost almost 17,000 GMX (~$927,000) to this drainer after signing a malicious transaction.
$1.25 million stolen in 2 months in Polygon NFT phishing scheme
A phishing scam in which scammers airdropped fake NFTs impersonating real projects has landed the scammers around $1.25 million in the last two months. The scammers have created more than 1,350 fake NFTs appearing to come from real projects including RocketPool, ApeCoin, Polygon, Uniswap, and Aave, then airdropped them to more than 500,000 wallets. When they viewed the NFTs, the victims were directed to phishing sites where they signed malicious signatures.
Around $1.25 million in various assets have been stolen thus far, with the largest single loss exceeding $150,000.
Phishing-as-a-service company "Inferno Drainer" steals assets nominally worth $5.9 million in three months
A scam-as-a-service company identified by ScamSniffer and dubbed "Inferno Drainer" has stolen assets nominally worth around $5.9 million since mid-February. The vendor sells phishing scam software that is then used by phishers to target victims, who believe that they are interacting with an established crypto project. Inferno Drainer takes 20–30% of the stolen funds as "payment" for the scam software.
One Inferno Drainer victim lost assets worth around $417,000. They later sent an on-chain message to the thief, writing: "you are ruining my life and for me this money was a lifetime's work, I won't have enough my family..." They asked the attacker to return 50% of the funds stolen from them, offering to not report the scammer to Interpol and other authorities in return, and even offering to "sign a contract allowing you to use legally the stolen crypto".
Monkey Drainer steals dozens more NFTs, nets around $867,000
The "Monkey Drainer" NFT phishing scammer first identified by blockchain detective zachxbt has struck again. They successfully emptied 7 CryptoPunks and 20 Otherside NFTs, which they flipped for 522 ETH (~$867,000). The scammer then laundered the funds through the Tornado Cash cryptocurrency mixer.
Monkey Drainer steals ~$1 million in 24 hours
A phishing scammer called "Monkey Drainer" stole around 700 ETH (~$940,000) in 24 hours on October 25, according to blockchain sleuth zachxbt. The scammer used malicious phishing sites to trick users into signing transactions that then drained cryptocurrencies and NFTs from their wallets. Some individual victims lost crypto valued at hundreds of thousands of dollars, and others lost NFT collections. Zachxbt estimated the total amount solen by Monkey Drainer to be around $3.5 million.