Hackers steal $3 million by impersonating crypto news journalists

Hackers steal $3 million by impersonating crypto news journalists



A hacking group tracked as ‘Pink Drainer’ impersonates journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency theft attacks.

According ScamSniffer AnalystsPink Drainer successfully compromised the accounts of 1,932 victims to steal approximately $2,997,307 worth of digital assets on Mainnet and Arbitrum.

ScamSniffer’s on-chain monitoring bots caught the threat actor when they snatched $327,000 worth of NFTs from a single person.

Some of the threat actor’s recent targets are believed to include OpenAI CTO Mira Murati, Steve Aoki, evmos, pika protocol, Orbiter Finance, Live, flare net, cherry redand star web.

Total casualty count and losses
Total casualty count and losses (Scam Sniffer)

impersonate journalists

Pink Drainer hijacks accounts through social engineering, where threat actors spend a couple of days posing as journalists from popular news outlets like Cointelegraph and Decrypt to conduct fake interviews with victims.

Fake Decrypt page hosting an interview form
Fake Decrypt page hosting an interview form (Scam Sniffer)

After gaining the trust of their victim, threat actors tell targets that they must perform a KYC (know your customer) validation to prove their identity, leading them to websites used to steal Discord authentication tokens.

These sites pose as malicious bots such as Carl’s verification bot, where they are told to add bookmarks containing malicious JavaScript code using a “Drag Me” button on the malicious page.

This code steals Discord tokens, allowing attackers to hijack accounts without knowing the user’s credentials or having a way to intercept the two-factor authentication code.

The Malicious Drag Me Button
The malicious “Drag Me” button (Scam Sniffer)

To extend their control of the account, the attackers set themselves as administrators and removed all other administrators to steal digital assets and sensitive information without being disturbed.

In cases where the account belongs to a renowned project or person with a large following, attackers use their access to it to promote fake giftsfake mints, cryptocurrency scams and phishing pages.

Unfortunately, the Pink Drainer remains active, so high-profile digital asset holders need to stay vigilant and treat media communications with suspicion.

If you are approached by a journalist, contact the news outlet via the details provided on their official website and verify that the message is coming from them.

Cryptocurrency investors should not automatically trust promotions posted by legitimate accounts. Instead, confirm the authenticity of giveaways and token deliveries by checking the platform’s website and other social media channels.


Leave a Comment


No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *