Bitcoin
Bitcoin (BTC)
$98,637.00 0.0001
Bitcoin price
Ethereum
Ethereum (ETH)
$3,335.18 0.13389
Ethereum price
BNB
BNB (BNB)
$642.80 1.54573
BNB price
Solana
Solana (SOL)
$255.13 -0.85578
Solana price
XRP
XRP (XRP)
$1.55 13.84921
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000271 8.16316
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000204 -1.26981
Pepe price
Bonk
Bonk (BONK)
$0.0000478 -6.187
Bonk price
dogwifhat
dogwifhat (WIF)
$3.19 0.15351
dogwifhat price
Popcat
Popcat (POPCAT)
$1.45 -8.01303
Popcat price
Bitcoin
Bitcoin (BTC)
$98,637.00 0.0001
Bitcoin price
Ethereum
Ethereum (ETH)
$3,335.18 0.13389
Ethereum price
BNB
BNB (BNB)
$642.80 1.54573
BNB price
Solana
Solana (SOL)
$255.13 -0.85578
Solana price
XRP
XRP (XRP)
$1.55 13.84921
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000271 8.16316
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000204 -1.26981
Pepe price
Bonk
Bonk (BONK)
$0.0000478 -6.187
Bonk price
dogwifhat
dogwifhat (WIF)
$3.19 0.15351
dogwifhat price
Popcat
Popcat (POPCAT)
$1.45 -8.01303
Popcat price
Bitcoin
Bitcoin (BTC)
$98,637.00 0.0001
Bitcoin price
Ethereum
Ethereum (ETH)
$3,335.18 0.13389
Ethereum price
BNB
BNB (BNB)
$642.80 1.54573
BNB price
Solana
Solana (SOL)
$255.13 -0.85578
Solana price
XRP
XRP (XRP)
$1.55 13.84921
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000271 8.16316
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000204 -1.26981
Pepe price
Bonk
Bonk (BONK)
$0.0000478 -6.187
Bonk price
dogwifhat
dogwifhat (WIF)
$3.19 0.15351
dogwifhat price
Popcat
Popcat (POPCAT)
$1.45 -8.01303
Popcat price
Bitcoin
Bitcoin (BTC)
$98,637.00 0.0001
Bitcoin price
Ethereum
Ethereum (ETH)
$3,335.18 0.13389
Ethereum price
BNB
BNB (BNB)
$642.80 1.54573
BNB price
Solana
Solana (SOL)
$255.13 -0.85578
Solana price
XRP
XRP (XRP)
$1.55 13.84921
XRP price
Shiba Inu
Shiba Inu (SHIB)
$0.0000271 8.16316
Shiba Inu price
Pepe
Pepe (PEPE)
$0.0000204 -1.26981
Pepe price
Bonk
Bonk (BONK)
$0.0000478 -6.187
Bonk price
dogwifhat
dogwifhat (WIF)
$3.19 0.15351
dogwifhat price
Popcat
Popcat (POPCAT)
$1.45 -8.01303
Popcat price

Dissecting an ingenious crypto wallet draining scam

dissecting-an-ingenious-crypto-wallet-draining-scam
Edited by
News
Dissecting an ingenious crypto wallet draining scam

A massive crypto wallet draining operation has been exposed, having targeted experienced crypto users and industry insiders since December 2022. 

https://twitter.com/tayvano_/status/1648187031468781568?s=20

Draining over 5,000 ethereum (ETH) and an unknown amount of tokens, non-fungible tokens (NFTs), and coins across 11+ chains, this scam has left the community searching for answers. 

Let’s dive into the facts and data surrounding the operation and its impact on the crypto community.

Decoding the scammers’ modus operandi 

The attackers have been methodically draining keys, potentially from a cache of data obtained more than a year ago. 

https://twitter.com/tayvano_/status/1648187038292918272?s=20

They exhibit distinct patterns in their theft and post-theft on-chain movement, often moving assets between multiple victims’ addresses.

Large December 2022 thefts utilized RenBridge, and the final destination for stolen assets is always bitcoin (BTC). 

The attackers utilize centralized swappers like FixedFloat, SimpleSwap, SideShift, ChangeNOW, and LetsExchange to launder funds before moving them to privacy-focused mixers like Coinomize, Wasabi, and CryptoMixer.

https://twitter.com/tayvano_/status/1648187048858365955?s=20

The commonalities among victims 

The victims share some common characteristics, such as having created their keys between 2014 and 2022 and being more crypto-native than most (e.g., having multiple addresses and working in the space). 

https://twitter.com/tayvano_/status/1648187034807439360?s=20

This scam has not affected any newbies; it has specifically targeted experienced users with a single secret recovery phrase or private key.

To prevent such scams, the crypto community must prioritize education and awareness. Users should avoid keeping all assets in a single key or secret phrase and should migrate to hardware wallets. 

Patterns in the timing of the thefts 

The wallet draining operation exhibits peculiar patterns in the timing of the thefts. Many of the thefts appear to have occurred on weekends, with notable incidents on Sundays. 

Large-scale thefts seem to be scripted, and the dust remaining in the original drained address has been stolen up to 80+ days after the first address was drained. 

The attackers’ IPs and user agents (UAs) are quite diverse, often using VPNs, proxies, and other methods to mask their true identity.

The road ahead

By examining the scammers’ methods, commonalities among victims, timing patterns, and understanding the importance of preventive measures, the community can better safeguard its assets. 

Collaboration, education, and vigilance are crucial in mitigating risks and restoring confidence in the security of digital assets.