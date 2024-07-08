Countries
Pink Drainer Falls Victim to Its Own Hacking Tactics, Loses $30K of $ETH
Crypto News

Pink Drainer Falls Victim to Its Own Hacking Tactics, Loses $30K of $ETH

Leah Alger Senior Crypto Journalist
Updated:
  • Notorious wallet-draining group Pink Drainer fell victim to its own tactics and sent 10 $ETH now worth over $30K to a fraudulent wallet.
  • This incident shows that, despite the knowledge of experienced scammers, address poisoning is a huge threat in the crypto arena.
  • There’s a critical need for security practices, especially double-checking wallet addresses before making crypto transactions.

Pink Drainer loses $30K of $ETH

On July 7, the crypto compliance platform MisTrack found that Pink Drainer fell prey to an ‘address poisoning scam’ – its own hacking tactics.

Pink Drainer was bitten by its own bait when it accidentally sent 10 $ETH to a counterfeit wallet instead of its own on June 28 and lost $27,480 in $ETH (at the time).

Considering Pink Drainer has reportedly stolen $85.2M worth of crypto through this type of attack, this news highlights how anyone can fall victim to poisoning scams and the need to protect oneself.

Pink Drainer’s $27,480  Crypto Mistake

An address poisoning scam is when a cybercriminal sends small amounts of crypto from a wallet to one that has a near identical address to deceive the target into transferring crypto funds to the scammer for financial gain.

Another example of poisoning scams is IBAN fraud, whereby fraudsters attempt to obtain money or personal information by pretending to be an authorized financial transaction.

Crypto-based address poisoning scammers often use bots (like WienerAI and Floki Inu) to monitor new transactions. Though they cannot decode crypto addresses, they can mimic a legitimate address to trick victims into sending funds to the hacker’s address.

Deploying this scheme, an unknown attacker created a wallet address relatively similar to one of Pink Drainer’s wallets, which caused them to fall into their own trap and send 10 $ETH worth $27,480 to the wrong address on June 28 (when the value of 1 $ETH was $2,748).

With $ETH’s price currently being $3,046, the amount of stolen $ETH now amounts to $30,460.

Despite being well-versed in this domain, the difference between Pink Drainer’s wallet address and the scammer’s is a sizable chunk – the only similarities between the two addresses are the first and last characters.

Screenshot of the real and fake Pink Drainer wallet address

The $ETH was sent under the account ‘0x8980ab6d185af9bcc10292d4e91ae4c0b4f14213’ to ‘0xEfF0eCD2eB275C3CEE4A17D9B8f101551d58f58A’ instead of ‘0xEfF0E5244d5C78Ba4DD6bc01082576280558f58A.’

Screenshot of Pink Drainer’s wrong transaction on Etherscan

The Closure of a $85.2M+ Crypto Heist

This incident comes after crypto sleuth ZachXBT announced on Telegram that Pink Drainer is ceasing its operations after stealing a total of $75M+ crypto on May 17.

Screenshot of Pink Drainer announcing its closure on Telegram

Dune, however, reported a higher total of Pink Drainer’s thefts following the ‘scam-of-a-services’ closure. The analysts found their stolen tokens amount to $85.2M+ (14% more stolen assets compared to ZachXBT’s findings) across different blockchains by singling out 21K+ victims.

Screenshot of the amount of Pink Drainer’s stolen tokens by Dune Analytics

Interestingly, Pink Drainer stole its biggest amount of tokens ($4M equivalent) in December 2023, a month after Inferno Drainer (another major crypto drainer) shut down after successfully stealing over $80M in crypto.

Screenshot of stolen tokens by Pink Drainer – Dune Analytics

Safeguarding Against Address Poisoning Scams

Despite both Pink Drainer and Inferno Drainer halting their operations, crypto scams are still a cause of concern. For example, just months ago, Binance announced there were 300K fake addresses created to ‘fool traders every week.’

Here’s how you can protect yourself from address poisoning attempts:

  • Double-check wallet addresses against a trusted source
  • Use features like MetaMask’s ‘Address Book,’ where you can securely store your addresses and hackers cannot change them
  • Store your funds in a hardware wallet or cold wallet because keeping your keys for accessing your crypto offline reduces the likelihood of scams
  • Make small test transactions before making larger ones to make sure your funds are sent to the correct place beforehand

Important Lessons Learned

Pink Drainer’s mishap is a reminder that anyone can fall victim to crypto hacks regardless of their industry knowledge.

Though this scenario has given Pink Drainer a taste of its own medicine, it’s a shame that none of the lost funds will benefit the wallet draining group’s victims.

By double-checking wallet addresses, using secure storage solutions, and doing your due diligence before making transactions, you can significantly reduce the risk of losing your crypto.

References

Click to expand and view sources

Disclaimer: The opinions expressed in this article do not constitute financial advice. We encourage readers to conduct their own research and determine their own risk tolerance before making any financial decisions. Cryptocurrency is a highly volatile, high-risk asset class.
The Tech Report - Editorial ProcessOur Editorial Process

The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.
