
phishing scam

MakerDAO delegate’s $11M in tokens stolen in phishing scam

The user fell victim to the phishing scam after signing multiple phishing signatures, which resulted in the loss of their digital assets.

A MakerDAO governance delegate has lost $11 million worth of Aave Ethereum Maker (aEthMKR) and Pendle USDe tokens in a phishing scam due to signing multiple signatures. 

Scam Sniffer detected the incident in the early hours of June 23. The user fell victim to the phishing scam after signing multiple signatures, which led to the loss of their digital assets.

The sender address, “0xfb94d3404c1d3d9d6f08f79e58041d5ea95accfa,” transferred 3,657 aEthMKR tokens to the recipient address “0x739772254924a57428272f429bd55f30eb36bb96,” and the transaction was confirmed within 11 seconds.

Roaring Kitty fraud suit dropped, Ethereum Foundation hacked, and more: Hodler’s Digest, June 30 – July 6

Inferno Drainer says it’s shutting down after helping steal $70M in crypto

“We hope you can remember us as the best drainer that has ever existed,” wrote the scam-as-a-service wallet drainer.

Inferno Drainer, one of the most popular crypto wallet-draining kits for hire, says it is shutting down for good after helping phishing scammers steal nearly $70 million worth of crypto this year.

In a Nov. 26 Telegram post, the team behind Inferno Drainer said it was “time for us to move on.” However, it said that the files and infrastructure needed to run the wallet drainer won’t be destroyed but instead will remain active so users can make a “smooth transition” to other services.

“It has been a long ride with all of you and we’d like to thank you from heart [sic]. Unfortunately, nothing lasts forever.”

“A big thank [sic] to everyone who has worked with us,” it added. “We hope you can remember us as the best drainer that has ever existed and that we succeeded in helping you in the quest of making money.”

Inferno Drainer’s final message to its users. Source: Telegram

Inferno Drainer gained prominence early this year and saw increased use after the popular Monkey Drainer tool shut down. Like its peers, Inferno offered its crypto wallet-draining software and took a 20% cut of what users stole.

Since February, Inferno Drainer has stolen nearly $70 million from over 100,000 victims, according to analytics from Web3 anti-scam platform Scam Sniffer. However, the Inferno Drainer team suggested the amount stolen was over $80 million.

The Inferno Drainer team has deleted the affiliate Telegram account “mr_inferno_drainer” used for arranging its service and warned its users not to trust other drainers using its name in the future.

Related: Pink, Pussy, Venom, Inferno — Drainers coming for a crypto wallet near you

Blockchain security firm CertiK told Cointelegraph that Inferno Drainer was “one of the most damaging phishing kits to the community we’ve seen.”

It added there are still “plenty of providers out there” who are active, including rival Pink Drainer and Angel Drainer, the latter of which released an update on Nov. 25 to help users drain wallets on more blockchains.

Monkey Drainer, another high-profile crypto drainer that stole millions, shut down in March, saying it was “time to move on to something better.”

Magazine: Tornado Cash 2.0 — The race to build safe and legal coin mixers

Friend.tech users blame SIM swaps after more than 100 ETH drained in a week

In a short period of time, four friend.tech users reported their accounts were compromised and drained after hackers seized control of their mobile numbers.

Friend.tech users are warning of possible SIM-swap attacks after a recent spate of supposed hacks resulting in nearly 109 Ether (ETH) worth around $178,000 being drained from four users in under a week.

On Sept. 30, the X (formerly Twitter) user known as “froggie.eth” warned their Friend.tech account was SIM-swapped — where exploiters gain control of a user’s mobile number to intercept two-factor authentication codes, which are then used to access accounts — and subsequently drained of over 20 ETH.

Days later, on Oct. 3, a string of Friend.tech users reported similar incidents, with musician Daren Broxmeyer saying he was SIM-swapped and drained of 22 ETH.

His phone was earlier “spammed with phone calls,” which he believed was to force him to miss a text from his service provider warning him that someone was trying to access his account.

The same day another user, “dipper,” also said their account was compromised, adding they have “no idea” how exploiters could hack their account, as they use strong passwords.

The fourth user, “digging4doge,” was drained of around 60 ETH after falling for a phishing scam that tricked them into sharing a login code.

Crypto investment firm Manifold Trading explained that any hacker gaining access to a Friend.tech account is then able to “rug the whole account.”

Assuming that a third of Friend.tech accounts are connected to phone numbers, around $20 million is at risk of being exploited through Friend.tech user-focused exploits, they said.

Related: Friend.tech look-alike ‘Alpha’ emerges on Bitcoin network

Manifold also suggested that, technically, all of Friend.tech is at risk due to how the platform’s security is set up, and solving the issues “should honestly be the number 1 priority.”

Manifold suggested Friend.tech allow users to add 2FA to logins, key decryptions and transactions.

Users should also be given the option to change the login method from a number to email and allow for third-party wallets to be used.

High-profile crypto figures have previously been successfully SIM-swapped, with their accounts used to carry out phishing attacks, such as Ethereum co-founder Vitalik Buterin’s X account in September.

Cointelegraph contacted Friend.tech for comment but did not immediately receive a response.

Magazine: Blockchain detectives — Mt. Gox collapse saw birth of Chainalysis

Notorious Monkey Drainer crypto scammer says they’re ‘shutting down’

The scammer behind the crypto wallet draining kit even recommended an alternative and gave advice to budding cybercriminals.

The cryptocurrency phishing scammer behind some of the most high-profile and high-value Web3 thefts is claiming to have packed up shop and is “moving on to something better.”

The scammer by the pseudonym Monkey Drainer posted to their Telegram channel on Mar. 1 that they “will be shutting down immediately” and all “files, servers and devices” related to the drainer “will be destroyed immediately” and it “will not return.”

Monkey Drainer’s full message posted to Telegram recommending an alternative service. Source: Telegram

The scammer even gave advice to budding “young cyber criminals” saying they shouldn’t “lose themselves in the pursuit of easy money” and only those “with the highest level of dedication” should operate a “large scale cybercrime” outfit.

Monkey Drainer even recommended a “flawless” alternative service to the one they once offered named “Venom Drainer” and pointed to a Telegram account for the service that was created only a day before Monkey’s announcement.

Blockchain security firm PeckShield tweeted on Mar. 1 that the Monkey Drainer scammer deposited around 200 Ether (ETH) worth $330,000 within the last day into the crypto mixing service Tornado Cash, attempting to obscure their funds. 840 ETH worth $1.4 million was still in their primary wallet.

Blockchain security firm CertiK also shared Monkey’s message in a Mar. 1 tweet, saying the crypto wallet-draining kit they offered is understood to take a 30% “commission” of funds stolen through others' use of the software.

Wallet-draining kits from other providers have copied the model, and CertiK pointed to other vendors already reporting an uptick in requests since Monkey Drainer announced the shutdown.

Monkey Drainer is understood to have operated since late 2022 and is estimated to have stolen up to $13 million worth of cryptocurrencies and nonfungible tokens (NFTs) since that time.

Related: Monkey Drainer-linked scammers possibly exposed after an on-chain quarrel

Other copycat phishing scammers and wallet-draining kits have stolen much more. A report from Web3 bug bounty platform Immunefi revealed $3.9 billion worth of crypto was lost to hacks, frauds, scams and rug pulls in 2022.

Possibly one of the most high-profile and high-value thefts by a wallet drainer in recent times was the January attack on Kevin Rose, the co-founder of the Moonbirds NFT collection.

Rose’s wallet was drained after he approved a malicious signature on a phishing website that transferred over $1.1 million worth of his personal NFTs to the attacker.

Monkey Drainer-linked scammers possibly exposed after an on-chain quarrel

The scammer referred to their pseudonym during a blockchain message argument which may have revealed their actual identity, according to CertiK.

Blockchain security firm CertiK believes it has found the real identity of at least one scammer allegedly linked to the “Monkey Drainer” phishing scam.

Monkey Drainer is the pseudonym for a phishing scammer(s) that uses smart contracts to steal NFTs through a process known as "ice phishing." 

The individual or persons behind the phishing scam have stolen millions worth of Ether (ETH) via malicious copycat nonfungible token (NFT) minting websites to date. 

In a Jan. 27 blog, CertiK said it found on-chain messages between two scammers involved in a recent $4.3 million Porsche NFT phishing scam and was able to link one of them to a Telegram account involved in selling the Monkey Drainer-style phishing kit. 

One message revealed a person referring to themself as “Zentoh” and referred to the person who stole the funds as “Kai.”

Zentoh was seemingly upset at Kai for not sending over a slice of the stolen funds. The message from Zentoh directs Kai to deposit the ill-gotten gains “at our address.”

An on-chain message from a person referring to themselves as “Zentoh,” upset they didn’t receive a portion of phished funds from a person they address as “Kai.” Image: CertiK

CertiK deduced the joint wallet was the address that received the $4.3 million in stolen crypto. The firm added there is a “direct link” between the joint wallet and “some of the most prominent Monkey Drainer scammer wallets.”

The wallet address tied to Zentoh is in turn tied to numerous addresses linked to the Monkey Drainer scam. Image: CertiK

Zentoh revealed in another message the pair used Telegram to communicate. CertiK found an exact match for the pseudonym on the messaging app and identified it “to be running a Telegram group that sells phishing kits to scammers.”

The company found numerous other online accounts possibly linked to Zentoh, including one on GitHub that posted repositories for crypto drainer tools.

If the links between the accounts are legitimate, it reveals the identity of a French national living in Russia.

Cointelegraph reviewed accounts potentially related to the person and found public accounts that seemed to be interested in cryptocurrencies. Cointelegraph contacted the person but did not immediately receive a response.

Cointelegraph will not publish the name of the person due to privacy concerns.

Related: Hackers take over Azuki’s Twitter account, steal over $750K in less than 30 minutes

Crypto wallet-draining phishing scams have unfortunately been used to great effect recently.

The co-founder of the Moonbirds NFT collection, Kevin Rose, fell victim to such a scam that led to over $1.1 million worth of his personal NFTs being stolen.

The crypto wallet of the influencer known on Twitter as “NFT God” suffered a similar fate after they downloaded malicious software from a Google Ad search result, with ETH and high-priced NFTs pilfered from the wallet.

Sam Bankman-Fried deepfake attempts to scam investors impacted by FTX

A faked video of the FTX founder created by scammers has circulated on Twitter, with users poking fun at its poor production quality.

A faked video of Sam Bankman-Fried, the former CEO of cryptocurrency exchange FTX, has circulated on Twitter attempting to scam investors affected by the exchange’s bankruptcy.

Created using programs to emulate Bankman-Fried’s likeness and voice, the poorly made “deepfake” video attempts to direct users to a malicious site under the promise of a “giveaway” that will “double your cryptocurrency.”

The video appears to use old interview footage of Bankman-Fried and a voice emulator to create the illusion of him saying “as you know our F-DEX [sic] exchange is going bankrupt, but I hasten to inform all users that you should not panic.”

The fake Bankman-Fried then directs users to a website saying FTX has “prepared a giveaway for you in which you can double your cryptocurrency” in an apparent "double-your-crypto" scam where users send crypto under the promise they'll receive double back.

A now-suspended Twitter account with the handle “S4GE_ETH” is understood to have been compromised, leading to scammers posting a link to the scam website — which now appears to have been taken offline.

The crypto community has pointed to the fact that scammers were able to pay a small fee in order to get Twitter’s “blue tick” verification in order to appear authentic.

Meanwhile, the video received widespread mockery for its poor production quality with one Twitter user ridiculing how the scam production pronounced “FTX” in the video, saying they’re “definitely using [...] ‘Effed-X’ from now on.”

At the same time, it gave many the opportunity to criticize the FTX founder, one user said “fake [Bankman-Fried] at least admits FTX is bankrupt” and YouTuber Stephen Findeisen shared the video saying he “can’t tell who lies more” between the real and fake Bankman-Fried.

Related: Crypto scammers are using black market identities to avoid detection: CertiK

Authorities in Singapore on Nov. 19 warned affected FTX users and investors to be vigilant as websites offering services promising to assist in recovering crypto stuck on the exchange are scams that mostly steal information such as account logins.

The Singapore Police Force warned of one such website, which claimed to be hosted by the United States Department of Justice and prompted FTX users to log in with their account credentials.

Others have attempted to profit from the attention FTX and its former CEO are receiving. On Nov. 14, shortly after Bankman-Fried tweeted “What” without further explanation, some noticed the launch of a so-called “meme token” called WHAT.

“Deepfake” videos have long been used by cryptocurrency scammers to try to con unwitting investors. In May, faked videos of Elon Musk promoting a crypto platform surfaced on Twitter using footage from a TED Talk the month prior.

The video caught Musk’s attention at the time, who responded: “Yikes. Def not me.”

Beeple’s Discord URL ‘hijacked,’ directing users to wallet drainer

Other users in the crypto Twitter Community believe lax security management is to blame for the latest phishing scam aimed at Beeple's fans and followers.

Non-fungible token (NFT) artist Mike "Beeple" Winkelmann has found himself the target of phishing scammers yet again, warning users that the URL link to his official Discord server was “hacked” — sending unaware new members to a wallet-draining Discord channel if they follow the link.

In an Oct. 3 post, the NFT artist warned users not to go into the "fraudulent" Discord channel and verify as it will “drain your wallet.”

However, Beeple wasn’t the first to notice the URL sleight-of-hand, with Twitter user maxnaut.eth noting in a post hours earlier that the Discord link connected to the Beeple: Everydays - 2020 Collection on NFT marketplace OpenSea may have been “hijacked.”

The screenshot shared by maxnaut.eth suggests that the URL points to a “CollabLand wallet drainer,” showing a Collab.Land Bot on Discord which directs members to verify account ownership — instead it works to drain their wallets, noting:

"Your Discord URL probably got hijacked and your team didn't update it on OS. You need to change that ASAP or people going to get rekd."

While Beeple claims the URLs were hacked and that Discord is to blame, other crypto Twitter community members are arguing that lax security measures are truly to blame.

NFT analyst and blockchain detective "OKHotshot" replied to the artist's announcement, stating the URLs were not hacked but instead alleging: "Mismanagement of discord URLs allows this happen, probably just like it happened to CryptoBatz."

Cybersecurity firm Black Alchemy Solutions Group, meanwhile, commented that it believes it was not "a Discord problem."

"This is a problem with a mismanagement of the Beeple Information Security apparatus. If you haven't already, hire a vCISO (Security Officer), web3 doesn't = Natively Secure."

It appears that the misdirecting Discord URLs have been fixed by the artist, according to maxnaut.eth, noting that it “Seems Beep Man picked it up and has fixed it now."

At the time of writing, the Discord link in the affected OpenSea listing also appears to be gone.

Related: 8 sneaky crypto scams on Twitter right now

Beeple's social media and messaging platforms appear to be a popular target for scammers and hackers, having sold some of the most expensive NFTs on record, including the First 5,000 Days, a compilation of 5000 pieces of artwork that sold for $69.3 million.

Elon Musk's spacecraft manufacturer Space X, tech giant Apple, luxury brand Louis Vuitton and other high-profile companies and individuals are all listed as clients on Beeple's website.

In May, a phishing scam netted $438,000 in crypto and NFTs through a hijacking of his Twitter account, linking to a raffle purporting to be related to a Louis Vuitton NFT collaboration. 

In Nov. 2021, his Discord was part of another scam, where an admin account was compromised and a fake NFT drop was advertised, netting the scammers an estimated 38 Ether (ETH) worth roughly $176,378.14 at the time.

Beeple did not disclose how many users may have been impacted by the current malicious Discord links.

Cointelegraph has reached out to Beeple but has not received an immediate response at the time of publication.

Report: Bored Ape Yacht Club Discord Attacker May Have Been Involved in Previous NFT Phishing Scams

On June 4, 2022, the Bored Ape Yacht Club (BAYC) Discord server was compromised and a phishing scam targeted non-fungible token (NFT) collectors holding BAYC, Mutant Ape Yacht Club (MAYC), and Otherside NFTs. According to an analysis by the Web3 and blockchain auditing and security firm CertiK, the BAYC Discord server attacker may have been […]

Targeted phishing scam nets $438K in crypto and NFTs from hacked Beeple account

Links posted to a fake Louis Vuitton non-fungible token (NFT) raffle were made to capitalize on a recent real collaboration between Beeple and the luxury fashion brand.

Digital artist and popular non-fungible token (NFT) creator Mike Winkelmann, more commonly known as Beeple, had his Twitter account hacked on Sunday, May 22 as part of a phishing scam.

Harry Denley, a Security Analyst at MetaMask, alerted users that Beeple’s tweets at the time containing a link to a raffle of a Louis Vuitton NFT collaboration were in fact a phishing scam that would drain the crypto out of users' wallets if clicked.

The scammers were likely looking to capitalize on a real recent collaboration between Beeple and Louis Vuitton. Earlier in May, Beeple designed 30 NFTs for the luxury fashion brand’s “Louis The Game” mobile game which were embedded as rewards to players.

The scammer continued to post phishing links from Beeple’s Twitter account leading to fake Beeple collections, luring in unsuspecting users with the promise of a free mint for unique NFTs.

The phishing links were up on Beeple’s Twitter for around five hours and on-chain analysis of one of the scammers' wallets shows the first phishing link scored them 36 Ethereum (ETH) worth roughly $73,000 at the time.

The second link netted the scammers around $365,000 worth of ETH and NFTs from high-value collections such as the Mutant Ape Yacht Club, VeeFriends, and Otherdeeds amongst others bringing the grand total value stolen from the scam to around $438,000.

On-chain data shows the scammer selling the NFTs on OpenSea and putting their stolen ETH into a crypto mixer in an attempt to launder the gains.

Beeple later tweeted that he had regained control of his account and added to remind his followers that “anything too good to be true IS A F*CKING SCAM.”

Related: Needed: A massive education project to fight hacks and scams

Beeple has created three of the top ten most expensive NFTs sold to date including one which sold for $69.3 million, the most expensive ever sold to a sole owner. This attention has made him a target for hacks.

In November 2021, an admin account on Beeple’s Discord was hacked with scammers there also promoting a similarly fake NFT drop which resulted in users losing around 38 ETH.

Earlier this month, cybersecurity firm Malwarebytes released a report which highlighted a rise in phishing attempts as scammers try to cash in on NFT hype. The firm noted the use of fraudulent websites depicted as legitimate platforms is the most common tactic used by scammers.
