Monkey Drainer Contract has been making headlines recently because of its involvement in phishing . Over $1M has been stolen using the contract.
Crypto Drainers are smart contracts that scammers use to steal digital assets using phishing pages that impersonate the websites of popular projects. They trick victims into connecting their wallets to the website for minting and then stealing their digital assets.
After the victim connects their with such phishing websites, the crypto drainers contract deceives the victim to transfer their NFTs to attackers. The victims get scammed in the name of free mints or whitelisting access, among other plausible reasons.
There are templates of smart contracts to build a Drainer contract. Usually, amongst the lines of code, the contract contains the following block of code, according to a blog by blockchain enthusiast Eliya Stein. This Solidity function enables the smart contract to transfer digital assets from the victims’ wallets to the attacker’s wallet.
Over $1 Million stolen with Monkey Drainer contract
The on-chain investigator, ZachXBT, reported on Twitter last month that Monkey Drainer stole over 700 ETH in 24 hours.
1/ Over the past 24 hrs ~700 ETH ($1m) has been stolen by the phishing scammer known as Monkey Drainer.
They recently surpassed 7300 transactions from their drainer wallet after being around for only a few months. pic.twitter.com/6vAYBiqCxQ
— ZachXBT (@zachxbt) October 25, 2022
One of the victims lost 1 Bored Yacht Club NFT, 36,000 USDC, and 12 other NFTs worth $150,000. While another lost crypto worth over $220,000. ZachXBT believes that the total number stolen easily surpasses $3.5M, with that number rapidly increasing by each day.
Monkey Drainer takes a cut of 30%
Most recently, the attackers targeted the Twitter account of Gabriel Leydon, CEO of Limit Break. They asked for access to all the NFTs from the victims’ wallets. ZachXBT discovered that it was Monkey Drainer doing it. Someone lost 15 WETH and a Mutant Ape Yacht Club NFT on Wednesday.
Monkey sells his drainer for 30% cut of an attack. So other scammers are coming to him with these accounts.
— ZachXBT (@zachxbt) November 3, 2022
How to protect yourself from phishing scams?
Generally, such phishing scams are promoted through social media spam campaigns. Victims are lured in the name of the free mints, giveaways, whitelisting access, etc. They will show limited time to create a sense of urgency. As shown in the screenshot below, the Discord account is generally deleted after a few days of running spam campaigns. Please avoid clicking on the links sent as direct messages by strangers on social media platforms.
Or they create fake Twitter accounts impersonating influencers, founders, CXOs, or notable projects. They do it with a slight modification in the spelling of the original account. Generally, original projects have blue-tick verification on Twitter. Please check if the account has one before clicking on any links. If not blue-tick, the original account is followed by other well-known Web3 personalities. Please make sure to do some due diligence. Below is the image of one such fake Twitter id of Aptos used to promote phishing attacks.
Sometimes, they run ad campaigns on Google to show their phishing websites on top of the website of the original project to trick the users. For security purposes, the user should verify the spellings in the before blindly clicking the first search result. It is even better to avoid clicking on the that mentions “Ad.” Generally, the original link will be just below the Ad links.
Got something to say about the Monkey Drainer contract or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on FacebookTwitter
