While cryptocurrency scams have stolen millions of dollars worth of cryptocurrency, ethereum NFT from an unsuspecting user’s wallet, an unknown pseudonymous entity called “Monkey Drainer” has requested a fresh cache of valuable cash. Cryptopunks When other side NFTs.
Self-proclaimed “on-chain detective” Zach XBT— A pseudonymous Twitter user with a history of exposing data on cryptocurrency scams and controversial figures — shared Thursday night that the Monkey Drainer stole 520 ETH worth NFTs Worth about $800,000 from these two precious Yuga Labs collections.
Some NFTs were spread across multiple wallets and eventually sold.Based on publicly available blockchain data Etherscanthe attackers then poured 400 ETH through Tornado Cash, an Ethereum cryptographic privacy tool. Licensed Approved by the U.S. government in August and legally not available for use by citizens.
Last week, ZachXBT revealed that Monkey Drainer roughly 700 ether The value of assets from unsuspecting users who signed malicious transactions under the assumption that they were opting for free NFT airdrops. However, they were actually scams advertised through his Twitter account in impersonation.When a victim clicks a link and connects wallettheir assets disappeared.
ZachXBT previously estimated that the Monkey Drainer had stolen far more. $3.5 million The value of crypto and NFTs. Monkey Drainer Gabriel Leydon’s Twitter account hijackedCEO Web3 On Wednesday we host Limit Break, a gaming startup.
Adding this week’s attacks to the tally brings the total estimated damage to over $4.3 million.But who is the Monkey Drainer? The drainer’s identity remains unknown, but ZachXBT said Decryption Monkey Drainer via a Twitter DM that “likely to be one.”
“Monkey Drainer is probably one of the following types. [as-a-service] situation,” he said. “But a lot of people are customers.”
In other words, other parties may be using Monkey Drainer’s playbook to carry out an even broader scam. To further complicate the ambiguity surrounding Monkey Drainer’s identity, an influx of Twitter bots attacked ZachXBT’s thread about his latest NFT theft with the phrase “MONKEY DRAINER BEST – Team Monkey.”
Weird spam comments suggest that Monkey Drainer has some kind of “team”, but whether Monkey Drainer is actually one person, a group of affiliates, or for illicit gain. It is unknown if it is a group of pseudonymous strangers using the Monkey Drainer “toolkit”. .
Web3 security company Wallet Guard does as well, and Monkey Drainer Malware as a Servicewhich means the creator of the “drainer” smart contract—that is, NFT and Decentralized application— sells phishing toolkits to others.
“Monkey sells drainers with 30% off attack,” tweeted ZachXBT. “So other scammers are coming to him with these accounts.”
Monkey sells his drain with a 30% cut in attack. So other scammers are coming to him with these accounts.
—ZachXBT (@zachxbt) November 3, 2022
But David Schwed, COO of Web3 security company, said: Halborndoes not consider these attacks to be particularly complex. Even though the Drainer tool still takes many lives.
“The attacks are rather straightforward, and with proper cyber hygiene, NFT holders can easily defend themselves,” Schwed said. Decryption on mail. “For the scam to work, NFT holders must grant malicious actors access to conduct transactions.”
In the NFT space We’ve seen a surge in these scams Many have been shared through hacked social media accounts, allowing collectors to sell to legitimate NFT mints or air drop Claim. Instead, they unknowingly give the attacker full access to their wallet holdings, typically letting them swipe her NFTs and crypto without realizing it.
Monkey Drainer may be rampaging across the Ethereum network for now, but at least one ethical hacker is trying to slow its reign in the chaos.
PocketUniverse, an encrypted browser extension, reported that a Discord user named “blockdev” was able to successfully block some drain transactions initiated by Monkey Drainer by attacking the drain’s API key. Still, the damage done by the Monkey Drainer exploit stacks up.
He attacked their API key!
One of Monkey’s attack techniques is1) Trick you into signing a gasless OS offer that gives you NFTs for free
2) Broadcast that offer to the ETH blockchain and “activate” the offer to steal your assets
blockdev was blocking step 2 🛑
↓ pic.twitter.com/X7QsfuBbNX— Pocket Universe 🟣 (@PocketUniverseZ) October 30, 2022
ZachXBT said Decryption He said Monkey Drainer first started around August of this year, and whoever created the exploit could face competition from other scammers looking to get into the same kind of racket. I believe there is.
“In the long run, I think Monkey Drainer needs to be continuously updated to remain competitive, otherwise new methods will gain market share.”
