Crypto Sleuth Unmasks Phishing Wallet That Has Drained Over $10M In Crypto & NFTs
Have you ever wondered how some hackers manage to steal millions of dollars worth of crypto and non-fungible tokens (NFTs) from unsuspecting victims? Well, one crypto sleuth has revealed the identity and tactics of a notorious phishing scammer who has drained over $10 million in crypto and NFTs since December 2022. π±
In this article, we will tell you everything you need to know about this phishing wallet, how it works, and how to avoid falling prey to it. We will also share some insights from the crypto sleuth who unmasked the scammer and tracked down his transactions. π΅οΈββοΈ
But first, let's define what phishing is and why it is so dangerous for crypto users. π§
What is phishing and how does it affect crypto users?
Phishing is a type of cyberattack that involves tricking users into clicking on malicious links or downloading malicious attachments that can compromise their devices or accounts. Phishing can also involve impersonating legitimate entities or individuals to gain trust and access to sensitive information or funds. π
Phishing is one of the most common and effective ways of stealing crypto and NFTs from users. According to a report by CipherTrace, phishing accounted for 27% of all crypto-related thefts and hacks in 2022, totaling $129 million. π²
Phishing can take many forms, such as fake websites, fake emails, fake social media accounts, fake support messages, fake giveaways, fake airdrops, fake browser extensions, fake wallets, and more. The goal is always the same: to lure users into revealing their private keys, seed phrases, passwords, or other credentials that can grant access to their crypto wallets or accounts. π
Once the scammers have these credentials, they can easily transfer the funds or NFTs from the victim's wallet or account to their own. This is usually irreversible and untraceable, as most crypto transactions are final and anonymous. πΈ
Therefore, it is very important for crypto users to be vigilant and cautious when dealing with any online communication or interaction that involves their crypto or NFT assets. Always verify the source and authenticity of any message or link before clicking on it or entering any information. Never share your private keys, seed phrases, passwords, or other credentials with anyone, even if they claim to be from a trusted entity or platform. And always use reputable and secure wallets, exchanges, platforms, and extensions that have proper security measures and safeguards in place. π
How does the phishing wallet work and who is behind it?
Now that we have explained what phishing is and how it affects crypto users, let's take a closer look at the phishing wallet that has drained over $10 million in crypto and NFTs since December 2022. π§
This phishing wallet was unmasked by Tay (Twitter handle @zachxbt), an on-chain crypto sleuth and a builder at MetaMask protocol. In an April 18 blog post (opens in new tab), Tay revealed the identity and tactics of the scammer behind this wallet-draining operation. π΅οΈββοΈ
According to Tay, the scammer goes by the name of Monkey Drainer (Twitter handle @MonkeyDrainer), and he uses a sophisticated phishing scheme that involves creating fake websites that mimic popular NFT platforms such as OpenSea (opens in new tab), Rarible (opens in new tab), Foundation (opens in new tab), Zora (opens in new tab), SuperRare (opens in new tab), and others. π
The scammer then targets potential victims by sending them direct messages on Twitter or Discord, offering them free NFTs or exclusive access to NFT drops or sales. The messages contain links to the fake websites that look identical to the real ones, except for subtle differences in the URL or the logo. For example, the fake OpenSea website uses the domain name opensea.io.com instead of opensea.io, and the fake Rarible website uses the domain name rarible.com.co instead of rarible.com. π²
When the victims click on these links, they are prompted to connect their wallets to the fake websites using MetaMask, a popular browser extension that allows users to interact with Ethereum-based applications. However, when they do so, they are actually giving the scammer access to their private keys and seed phrases, which he can use to drain their wallets of all their crypto and NFT assets. π±
Tay estimates that the scammer has stolen over $10 million worth of crypto and NFTs from more than 8,000 wallets since December 2022. He has also tracked down the scammer's transactions and identified his main wallet address, which currently holds over $3.5 million worth of crypto and NFTs. Tay has reported this address to various platforms and authorities, hoping to freeze or recover some of the stolen funds. π
Tay also warns that the scammer is still active and may be using other phishing methods or platforms to target more victims. He advises crypto and NFT users to be extra careful and vigilant when dealing with any online communication or interaction that involves their assets. He also urges users to report any suspicious activity or messages to him or other security experts, as well as to the platforms or authorities involved. π¨
What can we learn from this phishing wallet case?
The phishing wallet case is a stark reminder of the risks and challenges that crypto and NFT users face in an emerging and largely unregulated industry. While crypto and NFTs offer many benefits and opportunities for innovation and creativity, they also attract many scammers and hackers who are looking to exploit the vulnerabilities and loopholes in the system. π
Therefore, it is crucial for crypto and NFT users to educate themselves and stay updated on the latest trends and developments in the industry. They should also follow best practices and tips for securing their wallets and accounts, such as using strong passwords, enabling two-factor authentication (2FA), backing up their keys and phrases, updating their software and extensions, and verifying the source and authenticity of any message or link before clicking on it or entering any information. π
Moreover, crypto and NFT users should be aware of the common types and signs of phishing scams, such as fake websites, fake emails, fake social media accounts, fake support messages, fake giveaways, fake airdrops, fake browser extensions, fake wallets, and more. They should also be wary of any offers or requests that seem too good to be true, such as free NFTs or exclusive access to NFT drops or sales. If something sounds fishy, it probably is. π
Finally, crypto and NFT users should not hesitate to report any suspicious activity or messages to the relevant platforms or authorities, as well as to security experts or community members who can help them verify or investigate the issue. By doing so, they can help prevent further losses or damages for themselves and others, as well as expose and stop the scammers or hackers behind them. πͺ
The Bottom Line
In this article, we have learned about a phishing wallet that has drained over $10 million in crypto and NFTs since December 2022. We have also learned how it works, who is behind it, and how to avoid falling prey to it. We have also learned some general tips and best practices for securing our crypto and NFT assets from phishing scams and other cyberattacks. π
We hope you have found this article informative and helpful. If you have any questions or feedback, please feel free to leave a comment below or contact us via email or social media. We would love to hear from you. π
And remember: always stay safe and smart when dealing with your crypto and NFT assets online. You never know who might be trying to phish you out of them. π£
