Caution: Scam-as-a-Service Is Allowing Cybercriminals to Drain Crypto Wallets

Cybersecurity researchers are warning of a rise in phishing scams that can empty Bitcoin wallets.

Check Point researchers Oded Vanunu, Dikla Barda, and Roman Zaikin said, "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique."

The infamous phishing group Angel Drainer, which promotes a "scam-as-a-service" offering and charges a percentage of the stolen money—typically 20% or 30%—from its partners in exchange for wallet-draining scripts and other services, is a significant contributor to this alarming trend.

In the last days of November 2023, a similar wallet-draining service, Inferno Drainer, announced that it was shutting down. Until then, it had helped online scammers plunder nearly $70 million worth of cryptocurrencies from more than 100,000 victims.

In May 2023, a Web3 anti-scam solution provider stated that the seller charged nearly 20% of the stolen assets and specialized in multi-chain schemes.

The hacker announced the shutdown through a Telegram channel, saying “It has been a long ride with all of you and we'd like to thank you from heart [sic]. A big thanks to everyone who has worked with us such as Drakan and every other customer, we hope you can remember us as the best drainer that has ever existed and that we succeeded in helping you in the quest of making money.”

The main component of such services is a wallet-draining kit that makes it easier to steal cryptocurrencies from victims' wallets without their permission or knowledge. Usually, hackers use phishing tactics and fake airdrop offers to get victims to connect their wallets to phony websites.

Such websites are connected to several malware campaigns, unsolicited emails, and similar lures. Earlier this month, a phishing scam was detailed in which fake ads for crypto platforms redirected people to sketchy websites. These websites were then used to drain the victims’ soft crypto wallets.

Check Point noted, "The user is induced to interact with a malicious smart contract under the guise of claiming the airdrop, which stealthily increases the attacker's allowance through functions like approve or permit. Unknowingly, the user grants the attacker access to their funds, enabling token theft without further user interaction. Attackers then use methods like mixers or multiple transfers to obscure their tracks and liquidate the stolen assets."

Users should use hardware wallets to store their crypto assets and minimize the risks of such crypto scams. A hardware wallet is a great tool for enhanced security and verification of smart contracts. In addition, wallet allowances should be reviewed at regular intervals to detect any suspicious activity.
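
The allowance review recommended above can be scripted. The following Python is an added example, not code from Check Point or the original article: it replays ERC-20 `Approval` events (which standard `approve` and EIP-2612 `permit` calls both emit) for one wallet and lists spenders outside an allowlist that still hold an allowance. The log entries, addresses, allowlist and the `UNLIMITED_FLOOR` threshold are constructed assumptions.

```python
# ERC-20 event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # assumption: values this large are effectively unlimited

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_allowances(logs, owner):
    """Latest non-zero approved value per (token, spender) for one owner."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 reuses this signature with a third indexed field (4 topics).
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) == owner.lower():
            key = (log["address"].lower(), topic_to_address(topics[2]))
            latest[key] = int(log["data"], 16)  # a later approve(spender, 0) revokes
    return {k: v for k, v in latest.items() if v > 0}

def review(logs, owner, trusted_spenders):
    """List allowances held by spenders the owner has not explicitly trusted."""
    trusted = {s.lower() for s in trusted_spenders}
    return [{"token": token, "spender": spender, "unlimited": value >= UNLIMITED_FLOOR}
            for (token, spender), value in sorted(outstanding_allowances(logs, owner).items())
            if spender not in trusted]

def _log(block, idx, token, owner, spender, value):
    pad = lambda addr: "0x" + addr[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

# Constructed sample data: every address is a made-up placeholder, numbers are ints.
OWNER, OTHER, MAX = "0x" + "11" * 20, "0x" + "22" * 20, 2**256 - 1
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
KNOWN_DEX, UNKNOWN_X, UNKNOWN_Y = "0x" + "c1" * 20, "0x" + "d1" * 20, "0x" + "d2" * 20
SAMPLE_LOGS = [
    _log(100, 0, TOKEN_A, OWNER, KNOWN_DEX, MAX),   # trusted spender
    _log(101, 3, TOKEN_A, OWNER, UNKNOWN_X, MAX),   # unlimited, unknown spender
    _log(102, 1, TOKEN_B, OWNER, UNKNOWN_Y, 500),
    _log(103, 0, TOKEN_B, OWNER, UNKNOWN_Y, 0),     # revoked later
    _log(104, 2, TOKEN_B, OTHER, UNKNOWN_X, MAX),   # someone else's approval
    _log(105, 0, TOKEN_B, OWNER, UNKNOWN_X, 1000),  # bounded, unknown spender
]

if __name__ == "__main__":
    print(*review(SAMPLE_LOGS, OWNER, [KNOWN_DEX]), sep="\n")
```

The last `Approval` value is only an upper bound, because spending through `transferFrom` can lower the allowance without a new event; the token's `allowance(owner, spender)` call gives the current figure before deciding what to revoke.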