A hacking group called ‘Pink Drainer’ has been impersonating journalists in phishing attacks in order to compromise Discord and Twitter accounts and steal cryptocurrency.
According to anti-scam platform ScamSniffer analysts, Pink Drainer was able to compromise the accounts of 1,932 victims and steal about $3 million in digital assets on the Mainnet, Arbitrum, BNB, Polygon, Optimism, and other blockchains.
The threat actor was captured by ScamSniffer’s on-chain monitoring bots after stealing $3,27,000 in NFTs from a single person, reports BleepingComputer.
Recent targets are believed to include OpenAI CTO Mira Murati, American DJ Steve Aoki, and Starknet, among others.
Moreover, the report showed that the hacking group compromises accounts through social engineering, in which threat actors impersonate journalists from popular media outlets such as Cointelegraph and Decrypt to conduct phoney interviews with victims.
After gaining the trust of their victims, threat actors inform them that they must perform a KYC (know your customer) validation to prove their identity, directing them to websites used to steal Discord authentication tokens.
These sites impersonate malicious bots, such as the Carl verification bot, and instruct users to add bookmarks containing malicious JavaScript code by dragging them to a “Drag Me” button on the malicious page.
By intercepting the two-factor authentication code or stealing Discord tokens, attackers are able to hijack accounts without knowing users’ credentials or having access to two-factor authentication codes, the report said.
To gain complete control of the account, the attackers installed themselves as administrators and removed all other administrators, allowing them to steal digital assets and sensitive information without being interrupted.
Meanwhile, Atomic Wallet, a mobile and desktop crypto wallet allowing users to store various cryptocurrencies, has experienced a security breach and lost over $35 million in crypto assets since June 2.
ZachXBT, an on-chain investigator, has been collecting transactions of funds stolen from Atomic Wallet victims and claimed that over $35 million in cryptocurrency has been stolen as a result of this compromise.
20230612-115202