Amidst a series of cryptocurrency scams that have stolen millions of dollars Ethereum NFT from unsuspecting users’ wallets, an unknown entity called ‘Monkey Drainer’ claimed a new cache of value Kryptoponics And the the other side NFTs.
Self-described “investigator on string” ZachXBTTwitter user with a pseudonym with a history of posting crypto-fraud data and controversial numbers shared Thursday night that Monkey Drainer stole 520 ETH NFTs Of these two are the valuable collections of Yuga Labs, which bring in approximately $800,000.
Some NFTs were transferred between multiple wallets and eventually sold. Based on public blockchain data visible through EtherscanThe attacker then funneled 400 ETH through Tornado Cash, a crypto integration tool for Ethereum that was accept it By the US government in August and citizens can’t use it legally.
Last week, ZachXBT reported that Monkey Drainer took about 700 eth The assets are from unsuspecting users who have signed malicious transactions thinking they have chosen a free airdrop from NFT. But they were in fact hoaxes promoted through spoofed Twitter accounts. When victims click on links and link files governorTheir origins are gone.
ZachXBT previously estimated that Monkey Drainer had stolen a lot 3.5 million dollars Encoder value and NFT. Monkey Drainer was also used for an exploit committed by him Gabriel Lydon’s Twitter account has been hijackedCEO of web 3 The game, Limit Break, begins on Wednesday.
Adding this week’s attacks to the tally brings the total estimated damage to more than $4.3 million. But who or what is “drying monkey”? While the identity of the dryer remains unknown, it was shared by ZachXBT Decrypt via Twitter DM that Monkey Drainer “may be a person.”
“Monkey Drainer is probably someone with some kind of [as-a-service] He said. “However, a lot of people are clients.”
In other words, other parties can use the Monkey Drainer Evidence to commit a larger range of fraud. To further complicate the mystery surrounding Monkey Drainer’s identity, the Twitter bot stream has also attacked ZachXBT’s thread about the recent NFT thefts with the phrase “MONKEY DRAINER BEST – Team Monkey”.
Odd spam comments suggest that Monkey Drainer has a “team” of some sort, although it’s unclear whether Monkey Drainer is actually a single person, a group of affiliates, or a group of strangers with pseudonyms who use Monkey Drainer “toolbox” for patients. gains obtained.
Web3 security company Wallet Guard also considers Monkey Drainer a type of file Malware as a Serviceconstructor means “drain” smart contract– This is the code that drives NFTs and decentralized applications— Sell his phishing kit to others.
ZachXBT tweeted: “Monkey sells his pelvis for 30% attack.” “So other scammers come to him with these accounts.”
Monkey sells his bank for 30% attack. So other scammers come to him with these accounts.
But David Shwed, COO of security firm Web3 HalbornYou don’t find these attacks particularly complex – although the drain tool still collects a lot of victims.
“The attacks are fairly uncomplicated, and with some proper electronic hygiene practices in place, NFT holders can easily protect themselves,” Schwed said. Decrypt By email. For the fraud to succeed, NFT holders must grant the malicious actor access to complete the transaction.
Its NFT space Seen an increase in these scams Over the course of 2022. Many are shared through hacked social media accounts, which point to what collectors believe are legitimate NFT coins or air drop requirements. Instead, they give the attacker full access to their wallet holdings, usually getting NFTs and swipes before they even realize it.
The Monkey Drainer may be failing on the Ethereum network at the moment, but at least one ethical hacker is trying to slow the chaos.
The PocketUniverse cryptographic browser extension has reported that a Discord user named “blockdev” was able to block some drain transactions initiated by Monkey Drainer by attacking the drain’s API keys. However, the damage from the exploits of the Monkey Drainer is accumulating.
Attack their API keys! So one of the monkey attack moves is
1) Being tricked into signing up for a gas-free OS offer that gives them free NFTs
2) Send this offer to the ETH blockchain and activate the offer to steal your assets
ZachXBT . said Decrypt He believes that Monkey Drainer debuted in August of this year, and that anyone who created the loophole could face competition from other scammers looking to get into the same type of racket.
“I imagine in the long-term they will need to constantly update the Monkey Drainer to remain competitive, or the new approaches will take market share,” Zak said when asked if the exchange could be stopped.
Stay up to date with cryptocurrency news, and get daily updates in your inbox.