Crypto drainer steals $59 million from 63k people in Twitter ad push

Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months.
Blockchain threat analysts at ScamSniffer say they discovered over ten thousand phishing websites using the drainer from March 2023 to today, with spikes in activity observed in May, June, and November.
A drainer is a malicious smart contract or, in this case, a complete phishing suite designed to drain funds from a user's cryptocurrency wallet without their consent.
Users are taken to a legitimate-appearing phishing website and tricked into approving malicious contracts, allowing the drainer to automatically perform unauthorized transactions and transfer the victim's money to the attacker's wallet address.
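The approval step described above can be checked before a transaction is signed. The following is an added example, not code from the original article or from ScamSniffer, that decodes a pending transaction's calldata and flags token-approval calls. It assumes the approvals are the standard ERC-20 `approve`/`increaseAllowance` and NFT `setApprovalForAll` calls, which the article does not name; the function name, risk labels, threshold, address and calldata are all constructed for illustration.

```javascript
// Added example: flag token-approval calls in a pending transaction before signing.
// Selector = first 4 bytes of keccak256 of the standard function signature.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",           // treated here as ERC-20
  "39509351": "increaseAllowance(address,uint256)", // common ERC-20 extension
  "a22cb465": "setApprovalForAll(address,bool)",    // ERC-721 / ERC-1155 operator
};
// Heuristic (assumption): allowances this large are effectively unlimited.
const UNLIMITED_THRESHOLD = 2n ** 255n;

function inspectApproval(tx, trustedSpenders = []) {
  const data = String(tx.data || "").toLowerCase().replace(/^0x/, "");
  const fn = APPROVAL_SELECTORS[data.slice(0, 8)];
  if (!fn) return { isApproval: false, risk: "none", reasons: [] };

  const args = data.slice(8);
  if (args.length < 128 || /[^0-9a-f]/.test(args)) {
    return { isApproval: true, fn, risk: "high", reasons: ["malformed arguments"] };
  }
  // Each ABI argument is one 32-byte word; an address sits in the low 20 bytes.
  const spender = "0x" + args.slice(24, 64);
  const value = BigInt("0x" + args.slice(64, 128));
  const trusted = trustedSpenders.map((a) => a.toLowerCase()).includes(spender);
  const broad = fn.startsWith("setApprovalForAll") || value >= UNLIMITED_THRESHOLD;

  const reasons = [];
  let risk;
  if (value === 0n) {
    risk = "low";
    reasons.push("revokes or does not raise the spender's rights");
  } else if (trusted) {
    risk = "low";
    reasons.push("spender is on the caller's allowlist");
  } else {
    risk = broad ? "high" : "medium";
    reasons.push("spender is not on the caller's allowlist");
    if (broad) reasons.push("grants unlimited or collection-wide spending rights");
  }
  return { isApproval: true, fn, spender, value, risk, reasons };
}

// Constructed sample: approve(0x1111...1111, 2^256 - 1), i.e. an unlimited allowance.
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const SAMPLE_UNLIMITED =
  "0x095ea7b3" + SAMPLE_SPENDER.slice(2).padStart(64, "0") + "f".repeat(64);
console.log(inspectApproval({ data: SAMPLE_UNLIMITED }));
```

A wallet front end or monitoring script would pass its own allowlist of known contract addresses as the second argument; anything flagged `high` deserves a manual look at the spender before signing.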
The source code for MS Drainer is sold to cybercriminals for $1,500 by a user named 'Pakulichev' or 'PhishLab,' who also charges a 20% fee on any funds stolen with the toolkit.
According to blockchain data on MS Drainer's activity, one of its Ethereum-chain victims lost $24 million worth of cryptocurrency, while other notable cases involve victims losing between $440,000 and $1.2 million.
In Google Search, MS Drainer is promoted via malicious ads that are shown for keywords related to DeFi platforms like Zapper, Lido, Stargate, Defillama, Orbiter Finance, and Radiant.
Many of those ads exploit Google Ads' tracking template loophole to make the URL appear as belonging to the spoofed project's official domain.
A redirection takes those who click to a phishing site.
On X, better known as Twitter, advertisements for MS Drainer are so abundant that ScamSniffer reports they account for six out of nine phishing ads on their feed.
Security researcher MalwareHunterTeam, who has been tracking similar ads, told BleepingComputer they believe the Twitter account holders may have been infected with malware that stole their authentication cookies or passwords, allowing the threat actors to create advertisements from the hacked accounts.
Strangely, when the researcher spoke to the holder of an X account that was advertising a cryptocurrency scam, they were told that there was no trace of the ads in their advertising accounts.
The ads also promoted NFT airdrops and new token launches on sites that contain the drainer.
ScamSniffer says one detection bypass method employed by these ads is geofencing, which only targets users from pre-defined regions and redirects the rest to legitimate/innocuous websites.
Cryptocurrency scams have always performed well on X, but with trustworthy, hacked accounts now displaying advertisements promoting malicious sites, we should expect to see these types of attacks become even more successful.
Users should be very cautious when seeing cryptocurrency-related ads and perform due diligence before signing up to new platforms, let alone connecting their wallets.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 21 Dec 2023 21:25:20 +0000

