Security analyst defends his crypto scam franchise

0


When crypto investor Ronald Mol clicked on an airdrop link shared by a trusted moderator in a Discord channel, little did he know the account had been taken over by a scammer equipped with the notorious Pink Drainer kit. 

“I felt like a real dumbass. How could I have been so stupid to fall for this?” Mol tells Magazine.

In draining kits, a developer or a team provides cybercriminals with a script alongside a tutorial on how to use it in exchange for a fee.

“Sometimes, they have someone available that can build the ‘customer’ a website if they have no skills in that area themselves, and in return, they get 20% to 30%,” Plum, a pseudonymous blockchain security researcher, tells Magazine.

Mol considers himself fortunate for not having many tokens in that particular wallet. 

However, not all victims share the same luck. Pseudonymous investor Trout tells Magazine that another malicious airdrop link led to the loss of $210,000 worth of crypto.

“I wanted to die,” Trout says.

The Pink Drainer kit assisted illicit actors in stealing at least $18 million in crypto assets from over 9,000 victims last year, including a $4.4 million theft from one investor alone.

Crypto scams: Social engineering, hacking and phishing

The developer of this drainer, who operates under the pseudonym Pink, doesn’t use the term “victims,” preferring to call those affected by the scam “participants.”

“Most people getting ‘drained’ are Chinese nationals who aren’t really supposed to be doing this whole DeFi thing in the first place, [and] some westerners get caught in the crossfire,” Pink tells Magazine.

Pink, whose Telegram profile features an animated cat, frequently shared cat memes when talking with Magazine. (Pink on Telegram)

Pink’s clients often use social engineering tactics, including hacking the social media accounts of influential figures.

In late February, MicroStrategy’s compromised X account shared a now-deleted tweet promoting a fake Ethereum token. It led to a phishing scam that drained over $420,000 in cryptocurrencies.

Blockchain records show that a portion of the loot from the MicroStrategy case was rerouted to a wallet associated with Pink Drainer. 

Read also

Art Week

Connecting the Dots: Collectivism and Collaboration in the Crypto Art World

Features

Is China softening on Bitcoin? A turn of phrase stirs the crypto world

With that, the world’s largest corporate Bitcoin holder joined a growing list of public figures, including Ethereum co-founder Vitalik Buterin and OpenAI chief technology officer Mira Murati, whose social media accounts have been exploited in Pink Drainer-linked phishing schemes. 

Pink Drainer promotes a successful crypto heist by sharing an emoji of a whale and the amount stolen.
Pink Drainer promotes a successful heist. (Pink Drainer on Telegram)

Pink claims to feel no guilt or remorse when benefiting from the losses of “participants,” arguing that it is natural for someone to lose money for another to gain.

“I don’t phish anyone, I just code,” Pink adds.

From fighting crypto scams to creating crypto scams

According to Plum, Pink has an intriguing history.

“Before he became Pink, he was a security researcher — or at least he pretended to be in order to get a better look at some of the security projects’ inner workings,” Plum says.

The developer was known in the security community as “Blockdev” and allegedly operated the X account @ChainThreats, according to Plum.

The account has since been deactivated, but a snapshot of Blockdev’s activity can still be viewed via the Internet Archive’s Wayback Machine.

A snapshot of ChainThreats’ X account taken on Nov. 16, 2022. (Internet Archive)

Blockdev was known to a few members of the security community as someone who worked to sabotage the schemes of drainers.

In particular, Blockdev regularly attempted DDoS attacks or hacks against Monkey, a pioneer among drainers who announced their retirement in March 2023 while directing potential clients to an alternative service known as Venom Drainer.

A community X post documents Blockdev’s past battles against Monkey Drainer. (Pocket Universe on X)

Fantasy, the founder of blockchain security firm Blockmage Labs, had one of the last reported message exchanges with Blockdev before they became Pink.

Fantasy says the two once hypothesized a potential attack on Venom Drainer’s back end system using specifically crafted orders at NFT marketplace Blur. 

This effort ultimately led to the revelation of Blockdev’s wallet address.

Read also

Features

The ethics of hiring cheap Filipino staff: Crypto in the Philippines Part 2

Features

When worlds collide: Joining Web3 and crypto from Web2

“Later, he would then use the same wallet as a fee receiver for his draining service,” Fantasy claims.

The Blockmage founder recollects that Blockdev provided valuable insights and research on various security topics, albeit in a “condescending” manner.

The transaction that revealed Blockdev’s wallet address to Fantasy. (Etherscan)

“My last conversation with him before he disabled his Blockdev Discord account was short, simply consisting of an inside joke only the Pink Drainer alias would understand, an acknowledgment from him, and subsequently going offline,” Fantasy adds.

Pink drainer, money laundering, crypto scams and mental health

Pink tells Magazine that he prefers to keep his ill-gotten gains in Dai, an algorithmic stablecoin pegged to the value of the U.S. dollar. 

An Ethereum wallet with a “Pink Drainer” label holds over $4.49 million in Dai as of March 8.

Pink’s Ethereum wallet balance. (Etherscan)

The developer asserts that there are no immediate intentions to convert earnings to fiat, preferring instead to “watch the pile grow.”

While the advancement of global crypto regulations and KYC requirements at centralized exchanges pose significant hurdles for cybercriminals looking to liquidate their assets, Plum says there are still plenty of alternative channels.

These include laundering or even purchasing KYC credentials or data from someone else.

“Low-income [and] third-world areas will quite happily sell their ID info for that purpose,” Plum adds.

In a now-deleted Telegram message to Magazine, Pink admits to his deteriorating physical and mental health. 

The draining scheme has become all-consuming for Pink, leading to lost sleep and a singular focus on nothing else.

Pink has now stopped responding to Magazine.

“I am a busy guy,” Pink’s last message says. 

Yohan Yun

Yohan Yun

Yohan Yun is a multimedia journalist covering blockchain since 2017. He has contributed to crypto media outlet Forkast as an editor and has covered Asian tech stories as an assistant reporter for Bloomberg BNA and Forbes. He spends his free time cooking, and experimenting with new recipes.





Source link

You might also like
Leave A Reply

Your email address will not be published.