In a recent report by Scam Sniffer, a blockchain security platform, it was revealed that scammers have been using a wallet draining service called “MS Drainer” to steal cryptocurrencies. Over the past nine months, they have reportedly siphoned off approximately $59 million. These scammers have been targeting victims through fake versions of popular crypto websites such as Zapper, Lido, and others, cleverly using Google Ads for their deceptive practices. Wallet drainers, which exploit the token approval process, allow unauthorized transfers of cryptocurrency from victims' wallets.
Scam Sniffer discovered MS Drainer in March, with the SlowMist Security Platform team aiding in the investigation. Further insights came in June from on-chain investigator ZachXBT, who uncovered a phishing scam named “Ordinal Bubbles” connected to MS Drainer. An alarming number of phishing ads, some with malicious programs, were found on Google. Scammers employed tactics like regional targeting and page switching to circumvent Google’s ad review systems, making it challenging for moderators to detect and prevent these phishing scams.
The scammers also used web redirects to mislead users. For instance, a fraudulent website named cbridge.ceiler.network, intentionally misspelled to mimic the legitimate cbridge.celer.network, was used to trick users. Despite correct spelling in the ads, the links redirected users to these scam sites. Scam Sniffer’s investigation revealed over 10,000 fake websites associated with MS Drainer. The activity peaked in November but has significantly decreased since. Dune Analytics tracked this operation, revealing that over 63,000 victims lost a total of $58.98 million to these scams.
The developers of MS Drainer adopted an unconventional marketing approach. Unlike typical wallet draining schemes that charge a percentage of profits, MS Drainer was sold on a forum for a flat fee of $1,499.99. For additional features, the developers offered extra modules at various prices, attracting scammers with this pricing strategy. This wallet draining trend is a growing concern in the Web3 ecosystem. Notably, other drainers like “Inferno” and “Monkey Drainer” have ceased operations, having stolen over $80 million and $13 million respectively.
This situation highlights the increasing sophistication of scammers in the digital currency space and the challenges in combatting such schemes. The effectiveness of these scams underlines the need for heightened security measures and awareness among cryptocurrency users. As wallet drainers become more prevalent, users and platforms alike must stay vigilant to protect their assets in the ever-evolving landscape of Web3 and cryptocurrency.
