Pink Drainer Falls Victim to Its Own Hacking Tactics, Loses $30K of $ETH

• Notorious wallet-draining group Pink Drainer fell victim to its own tactics and sent 10 $ETH now worth over $30K to a fraudulent wallet.
• This incident shows that, despite the knowledge of experienced scammers, address poisoning is a huge threat in the crypto arena.
• There's a critical need for security practices, especially double-checking wallet addresses before making crypto transactions.

On July 7, the crypto compliance platform MisTrack found that Pink Drainer fell prey to an address poisoning scam' - its own hacking tactics.

Pink Drainer was bitten by its own bait when it accidentally sent 10 $ETH to a counterfeit wallet instead of its own on June 28 and lost $27,480 in $ETH (at the time).

Considering Pink Drainer has reportedly stolen $85.2M worth of crypto through this type of attack, this news highlights how anyone can fall victim to poisoning scams and the need to protect oneself.

Scamming the scammer

It seems like an address associated with the Pink Drainer fell victim to the address poisoning scam.

Pink Drainer: 0x8980ab6d185af9bcc10292d4e91ae4c0b4f14213

Real: 0xEfF0E5244d5C78Ba4DD6bc01082576280558f58A
Fake:... pic.twitter.com/1CCWTufeZv

- MistTrack (@MistTrack_io) July 7, 2024

Pink Drainer's $27,480 Crypto Mistake

An address poisoning scam is when a cybercriminal sends small amounts of crypto from a wallet to one that has a near identical address to deceive the target into transferring crypto funds to the scammer for financial gain.

Another example of poisoning scams is IBAN fraud, whereby fraudsters attempt to obtain money or personal information by pretending to be an authorized financial transaction.

Crypto-based address poisoning scammers often use bots (like WienerAI and Floki Inu) to monitor new transactions. Though they cannot decode crypto addresses, they can mimic a legitimate address to trick victims into sending funds to the hacker's address.

Deploying this scheme, an unknown attacker created a wallet address relatively similar to one of Pink Drainer's wallets, which caused them to fall into their own trap and send 10 $ETH worth $27,480 to the wrong address on June 28 (when the value of 1 $ETH was $2,748).

With $ETH's price currently being $3,046, the amount of stolen $ETH now amounts to $30,460.

Despite being well-versed in this domain, the difference between Pink Drainer's wallet address and the scammer's is a sizable chunk - the only similarities between the two addresses are the first and last characters.

The $ETH was sent under the account 0x8980ab6d185af9bcc10292d4e91ae4c0b4f14213' to 0xEfF0eCD2eB275C3CEE4A17D9B8f101551d58f58A' instead of 0xEfF0E5244d5C78Ba4DD6bc01082576280558f58A.'

The Closure of a $85.2M+ Crypto Heist

This incident comes after crypto sleuth ZachXBT announced on Telegram that Pink Drainer is ceasing its operations after stealing a total of $75M+ crypto on May 17.

Dune, however, reported a higher total of Pink Drainer's thefts following the scam-of-a-services' closure. The analysts found their stolen tokens amount to $85.2M+ (14% more stolen assets compared to ZachXBT's findings) across different blockchains by singling out 21K+ victims.

Interestingly, Pink Drainer stole its biggest amount of tokens ($4M equivalent) in December 2023, a month after Inferno Drainer (another major crypto drainer) shut down after successfully stealing over $80M in crypto.

Safeguarding Against Address Poisoning Scams

Despite both Pink Drainer and Inferno Drainer halting their operations, crypto scams are still a cause of concern. For example, just months ago, Binance announced there were 300K fake addresses created to fool traders every week.'

Here's how you can protect yourself from address poisoning attempts:

• Double-check wallet addresses against a trusted source
• Use features like MetaMask's Address Book,' where you can securely store your addresses and hackers cannot change them
• Store your funds in a hardware wallet or cold wallet because keeping your keys for accessing your crypto offline reduces the likelihood of scams
• Make small test transactions before making larger ones to make sure your funds are sent to the correct place beforehand

Important Lessons Learned

Pink Drainer's mishap is a reminder that anyone can fall victim to crypto hacks regardless of their industry knowledge.

Though this scenario has given Pink Drainer a taste of its own medicine, it's a shame that none of the lost funds will benefit the wallet draining group's victims.

By double-checking wallet addresses, using secure storage solutions, and doing your due diligence before making transactions, you can significantly reduce the risk of losing your crypto.

References

Click to expand and view sources

• Ethereum Price Today (CoinMarketCap)
• Pink Drainer Scam Stats (Dune)
• Crypto phishing kit Inferno Drainer shuts down after enabling over $80M in scams (CoinMarketCap)
• Binance, a major crypto exchange, says it's finding 300,000 fake addresses meant to fool traders every week (Business Insider)
• Address poisoning scams (MetaMask)

The post Pink Drainer Falls Victim to Its Own Hacking Tactics, Loses $30K of $ETH appeared first on The Tech Report.