A Crypto Drainer Attack Targets Cryptocurrency Investors
Cryptocurrency investors are a prime target for cyber criminals. A recent attack involving wallet drainers is one example. These scams work by tricking users into executing a transaction that gives hackers access to their cryptocurrency. Security researchers at Recorded Future recently spotted ready-to-go crypto drainer phishing pages advertised on a top-tier Dark Web forum. These pages purport to mint non-fungible tokens (NFTs).
Phishing
Phishing is a scam that steals sensitive information from people by impersonating a legitimate organization. Attackers use fraudulent emails and websites to trick victims into providing their account credentials or downloading malware. These attacks are responsible for many incidents of identity theft and credit card fraud. To protect yourself, always verify website links before clicking on them. Ensure that the URL starts with HTTPS, which indicates that the connection is encrypted (it does not by itself prove that the site is legitimate, since phishing pages can also use HTTPS). Also, enable Multi-Factor Authentication (MFA) to reduce an attacker’s window of opportunity.
Other types of phishing include pharming, whaling, smishing and vishing. Pharming involves two-phase attacks that install malware on a victim’s device and then redirect them to a spoofed domain through DNS poisoning. Whaling targets specific individuals within an organization, such as high-profile CEOs, to steal trade secrets and intellectual property. Smishing is phishing via SMS text message, and vishing is phishing by voice call, sometimes using voice-changing software to impersonate a trusted party. These attacks are often facilitated by man-in-the-middle attacks carried out over malicious free Wi-Fi hotspots.
Social Engineering
Cryptocurrency wallets are designed with security in mind, but vulnerabilities exist that can be exploited by attackers. These attacks can steal cryptocurrencies from victims’ wallets without their consent. They can also disrupt the victim’s computer or take control of their device. To prevent these attacks, individuals and businesses should practice good security habits. They should use 2FA on their social media accounts and consider implementing hardware wallets.
One of the most common types of attack is the crypto drainer, malware that steals cryptocurrency from a user’s wallet by tricking them into signing off-chain transactions. This allows the attacker to take as much currency as possible from the wallet. The threat actor can then move the stolen coins to their own wallets. These scams are spread through phishing pages that imitate popular crypto services, such as exchanges and non-fungible token (NFT) platforms. The phishing pages often leverage legitimate extensions and applications that are commonly used with the services they imitate.
Exploitation Of Vulnerabilities
According to research conducted by Recorded Future, cybercriminals are using crypto drainers to steal valuable assets from unsuspecting victims. Typically, they distribute phishing links on X and other popular platforms and forums that claim to mint non-fungible tokens (NFTs) or other rewards. When the victim visits these websites and connects their wallet, the drainer is activated to quickly empty the connected wallet. This malware is especially dangerous for crypto investors because it uses phishing and brute-force password attacks to gain access to wallets. It also targets accounts that do not use 2FA or MFA. Moreover, it can exploit vulnerabilities in the blockchain network to transfer stolen funds.
The drainer is based on the CLINKSINK malware, which was used in the recent account takeovers on X (formerly Twitter). It is sold as a fully managed drainer-as-a-service (DaaS) by threat actors on underground markets and Telegram channels. It is also distributed by phishing pages that imitate crypto services, such as NFT platforms.
Fraudulent Transactions
Fraudulent transactions are a common threat across digital markets and can lead to theft of financial resources, goods, or even personal information. They are often complex and layered attacks that require advanced fraud detection techniques. Fortunately, there are several red flags that can help you identify transaction fraud in your business, including sudden spikes in large transactions, bot-like behaviour, login attempts on accounts with high risk scores, and connections via a Tor client.
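The four red flags listed above can be turned into simple detection rules. The following is an added example (not code from the article or from Recorded Future) that runs those rules over a constructed event log; the field names, thresholds and per-account baselines are assumptions, and in practice the Tor flag would come from matching the client IP against a Tor exit-node list.

```python
from collections import Counter

# Constructed sample events (not real data): one record per login or payment.
# "risk" is the account's risk score; "tor" marks a connection from a Tor exit.
EVENTS = [
    {"t": 1, "acct": "a1", "type": "login", "risk": 20, "tor": False},
    {"t": 2, "acct": "a1", "type": "payment", "amount": 40.0},
    {"t": 3, "acct": "a2", "type": "login", "risk": 85, "tor": True},
    {"t": 4, "acct": "a2", "type": "login", "risk": 85, "tor": True},
    {"t": 5, "acct": "a2", "type": "login", "risk": 85, "tor": True},
    {"t": 6, "acct": "a2", "type": "payment", "amount": 950.0},
    {"t": 6, "acct": "a2", "type": "payment", "amount": 975.0},
    {"t": 6, "acct": "a2", "type": "payment", "amount": 990.0},
    {"t": 9, "acct": "a3", "type": "payment", "amount": 35.0},
]

# Constructed historical average payment per account (assumed baselines).
BASELINES = {"a1": 45.0, "a2": 60.0, "a3": 30.0}

HIGH_RISK = 70      # logins on accounts at or above this score are flagged
SPIKE_FACTOR = 5.0  # a payment this many times the baseline is a "sudden spike"
BOT_BURST = 3       # this many events from one account in one second looks automated


def flag_events(events, baselines):
    """Return (event_index, reason) pairs for each red flag that fires."""
    flags = []
    per_second = Counter((e["acct"], e["t"]) for e in events)
    for i, e in enumerate(events):
        acct = e["acct"]
        if e["type"] == "login":
            if e["risk"] >= HIGH_RISK:
                flags.append((i, "login on high-risk account"))
            if e["tor"]:
                flags.append((i, "connection via Tor"))
        elif e["type"] == "payment":
            base = baselines.get(acct)
            if base and e["amount"] >= SPIKE_FACTOR * base:
                flags.append((i, "sudden large transaction"))
        if per_second[(acct, e["t"])] >= BOT_BURST:
            flags.append((i, "bot-like burst"))
    return flags


def suspicious_accounts(events, flags, min_reasons=2):
    """Accounts that triggered at least min_reasons distinct red flags."""
    reasons = {}
    for i, reason in flags:
        reasons.setdefault(events[i]["acct"], set()).add(reason)
    return {acct for acct, rs in reasons.items() if len(rs) >= min_reasons}
```

Combining several weak signals per account, as suspicious_accounts does, keeps a single Tor login or one large purchase from blocking legitimate customers on its own.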
Other types of fraudulent transactions include online auction fraud, where criminals use fake identities to make payments for items that are never delivered or that are not as advertised. They also include account takeovers, where criminals gain unauthorized access to an individual’s financial accounts. As CNP (card-not-present) payment methods proliferate, it becomes increasingly difficult to verify customers. This allows opportunistic fraudsters to take advantage of customer care return policies and chargeback procedures, where they claim products or services are defective or not as described.
Conclusion
A crypto drainer is a type of malware that steals digital currency from victims’ wallets. The attack typically involves phishing and the use of malicious smart contracts to initiate unauthorized transfers. The threat actors behind these attacks often employ services such as drainer-as-a-service (DaaS) to automate the theft of coins from users’ wallets. This is a new trend that researchers are concerned about.