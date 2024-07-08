Notorious wallet-draining group Pink Drainer fell victim to its own tactics and sent 10 $ETH now worth over $30K to a fraudulent wallet.

This incident shows that, despite the knowledge of experienced scammers, address poisoning is a huge threat in the crypto arena.

This incident shows that, despite the knowledge of experienced scammers, address poisoning is a huge threat in the crypto arena. There’s a critical need for security practices, especially double-checking wallet addresses before making crypto transactions.

On July 7, the crypto compliance platform MisTrack found that Pink Drainer fell prey to an ‘address poisoning scam’ – its own hacking tactics.

Pink Drainer was bitten by its own bait when it accidentally sent 10 $ETH to a counterfeit wallet instead of its own on June 28 and lost $27,480 in $ETH (at the time).

Considering Pink Drainer has reportedly stolen $85.2M worth of crypto through this type of attack, this news highlights how anyone can fall victim to poisoning scams and the need to protect oneself.

Scamming the scammer 🤣 It seems like an address associated with the Pink Drainer fell victim to the address poisoning scam. Pink Drainer: 0x8980ab6d185af9bcc10292d4e91ae4c0b4f14213 Real: 0xEfF0E5244d5C78Ba4DD6bc01082576280558f58A

Fake:… pic.twitter.com/1CCWTufeZv — MistTrack🕵️ (@MistTrack_io) July 7, 2024

Pink Drainer’s $27,480 Crypto Mistake

An address poisoning scam is when a cybercriminal sends small amounts of crypto from a wallet to one that has a near identical address to deceive the target into transferring crypto funds to the scammer for financial gain.

Another example of poisoning scams is IBAN fraud, whereby fraudsters attempt to obtain money or personal information by pretending to be an authorized financial transaction.

Crypto-based address poisoning scammers often use bots (like WienerAI and Floki Inu) to monitor new transactions. Though they cannot decode crypto addresses, they can mimic a legitimate address to trick victims into sending funds to the hacker’s address.

Deploying this scheme, an unknown attacker created a wallet address relatively similar to one of Pink Drainer’s wallets, which caused them to fall into their own trap and send 10 $ETH worth $27,480 to the wrong address on June 28 (when the value of 1 $ETH was $2,748).

With $ETH’s price currently being $3,046, the amount of stolen $ETH now amounts to $30,460.

Despite being well-versed in this domain, the difference between Pink Drainer’s wallet address and the scammer’s is a sizable chunk – the only similarities between the two addresses are the first and last characters.

The $ETH was sent under the account ‘0x8980ab6d185af9bcc10292d4e91ae4c0b4f14213’ to ‘0xEfF0eCD2eB275C3CEE4A17D9B8f101551d58f58A’ instead of ‘0xEfF0E5244d5C78Ba4DD6bc01082576280558f58A.’

The Closure of a $85.2M+ Crypto Heist

This incident comes after crypto sleuth ZachXBT announced on Telegram that Pink Drainer is ceasing its operations after stealing a total of $75M+ crypto on May 17.

Dune, however, reported a higher total of Pink Drainer’s thefts following the ‘scam-of-a-services’ closure. The analysts found their stolen tokens amount to $85.2M+ (14% more stolen assets compared to ZachXBT’s findings) across different blockchains by singling out 21K+ victims.

Interestingly, Pink Drainer stole its biggest amount of tokens ($4M equivalent) in December 2023, a month after Inferno Drainer (another major crypto drainer) shut down after successfully stealing over $80M in crypto.

Safeguarding Against Address Poisoning Scams

Despite both Pink Drainer and Inferno Drainer halting their operations, crypto scams are still a cause of concern. For example, just months ago, Binance announced there were 300K fake addresses created to ‘fool traders every week.’

Here’s how you can protect yourself from address poisoning attempts:



Double-check wallet addresses against a trusted source

Double-check wallet addresses against a trusted source Use features like MetaMask’s ‘Address Book,’ where you can securely store your addresses and hackers cannot change them

Use features like MetaMask’s ‘Address Book,’ where you can securely store your addresses and hackers cannot change them Store your funds in a hardware wallet or cold wallet because keeping your keys for accessing your crypto offline reduces the likelihood of scams

Store your funds in a hardware wallet or cold wallet because keeping your keys for accessing your crypto offline reduces the likelihood of scams Make small test transactions before making larger ones to make sure your funds are sent to the correct place beforehand



Important Lessons Learned

Pink Drainer’s mishap is a reminder that anyone can fall victim to crypto hacks regardless of their industry knowledge.

Though this scenario has given Pink Drainer a taste of its own medicine, it’s a shame that none of the lost funds will benefit the wallet draining group’s victims.

By double-checking wallet addresses, using secure storage solutions, and doing your due diligence before making transactions, you can significantly reduce the risk of losing your crypto.

