crypto hacks

Notorious Monkey Drainer crypto scammer says they’re ‘shutting down’

The scammer behind the crypto wallet draining kit even recommended an alternative and gave advice to budding cybercriminals.

The cryptocurrency phishing scammer behind some of the most high-profile and high-value Web3 thefts claims to have packed up shop, saying it was “time to move on to something better.”

The scammer with the pseudonym Monkey Drainer posted to their Telegram channel on March 1 that they “will be shutting down immediately” and all “files, servers and devices” related to the drainer “will be destroyed immediately” and it “will not return.”

*Monkey Drainer’s full message posted to Telegram recommending an alternative service. Source: Telegram*

The scammer even gave advice to budding “young cyber criminals” saying they shouldn’t “lose themselves in the pursuit of easy money” and only those “with the highest level of dedication” should operate a “large scale cybercrime” outfit.

Monkey Drainer even recommended a “flawless” alternative service to the one they once offered, named “Venom Drainer,” and pointed to a Telegram account for the service that was created only a day before Monkey’s announcement.

Blockchain security firm PeckShield tweeted on March 1 that within the last day, Monkey Drainer’s wallet deposited around 200 Ether (ETH) worth $330,000 into the crypto mixing service Tornado Cash, attempting to obscure their funds. There was 840 ETH, worth $1.4 million, still in their primary wallet.

#PeckShieldAlert Scammer #MonkeyDrainer, who runs theft schemes for multiple clients (a sort of ‘scam-as-a-service’) announced to shut down their service
~200 $ETH has been transferred to Tornado Cash within the last 24 hours, while ~840 $ETH (~$1.4M) sits in their main address pic.twitter.com/1lg3KLRxhk

— PeckShieldAlert (@PeckShieldAlert) March 1, 2023

Blockchain security firm CertiK also shared Monkey’s message on a March 1 tweet, saying the crypto wallet-draining kit they offered is understood to take a 30% “commission” of funds stolen funds from others’ use of the software.

Wallet-draining kits from other providers have copied the model, and CertiK pointed to other vendors already reporting an uptick in requests since Monkey Drainer announced the shutdown.

3/ Wallet drainer vendors have noted the payment structure Monkey introduced and have since copied

Below are a few examples that we’ve seen: pic.twitter.com/i62aU5t2pv

— CertiK Alert (@CertiKAlert) February 28, 2023

Monkey Drainer is understood to have operated since late 2022 and is estimated to have stolen up to $13 million worth of cryptocurrencies and nonfungible tokens since that time.

Other copycat phishing scammers and wallet-draining kits have stolen much more. A report from Web3 bug bounty platform Immunefi revealed $3.9 billion worth of crypto was lost to hacks, frauds, scams and rug pulls in 2022.

Possibly one of the single most high-profile and high-value theft by a wallet drainer in recent times was the January attack on Kevin Rose, the co-founder of the Moonbirds NFT collection.

Rose’s wallet was drained after he approved a malicious signature on a phishing website that transferred over $1.1 million worth of his personal NFTs to the attacker.

No ‘respite’ for exploits, flash loans or exit scams in 2023: Cybersecurity firm

The industry is likely to see “further attempts from hackers targeting bridges in 2023,” while users are urged to be warier of their private keys.

The new year is a fresh start for malicious actors in the crypto space and 2023 won’t likely see a slowdown in scams, exploits and hacks, according to CertiK.

The blockchain security company told Cointelegraph its expectations for the year ahead regarding bad actors in the space, saying:

“We saw a large number of incidents last year despite the crypto bear market, so we do not anticipate a respite in exploits, flash loans or exit scams.”

Regarding other ill-natured incidents the crypto community might face, the company pointed to the “devastating” exploits that took place on cross-chain bridges in 2022. Of the 10 largest exploits during the year, six were bridge exploits, which stole a total of around $1.4 billion.

Due to these historically high returns, CertiK noted the likelihood of “further attempts from hackers targeting bridges in 2023.”

Protect your keys

On the other hand, CertiK said there will likely be “fewer brute force attacks” on crypto wallets, given that the Profanity tool vulnerability — which has been used to attack a number of crypto wallets in the past — is now widely known.

The Profanity tool allows users to generate customized “vanity” crypto addresses. A vulnerability in the tool was used to exploit $160 million worth of crypto in the September hack of algorithmic crypto market maker Wintermute, according to CertiK.

Instead, wallet compromises this year will likely come because of poor user security, CertiK said, stating:

“It’s possible that funds lost to private key compromises in 2023 will be due to poor management of private keys, bar any future vulnerability found in wallet generators.”

The firm said it will also be monitoring phishing techniques that could proliferate in the new year. It noted the slew of Discord group hacks in mid-2022 that tricked participants into clicking phishing links such as the Bored Ape Yacht Club (BAYC) Discord hack in June, which resulted in 145 Ether (ETH) being stolen.

Last year, $2.1 billion worth of crypto was stolen through just the 10 biggest incidents alone, while 2021 saw $10.2 billion total stolen from Decentralized Finance (DeFi) protocols, according to peer security firm Immunefi.

The biggest incident in 2022 — and of all time — was the Ronin bridge exploit, which saw attackers making off with around $612 million. The largest flash loan attack was the $76 million Beanstalk Farms exploit and the largest DeFi protocol exploit was the $79.3 million stolen from Rari Capital.

$62M crypto stolen in Dec was the ‘lowest monthly figure’ in 2022: CertiK

December proved to be the month with the least crypto stolen in 2022, although there were still 23 major incidents, according to CertiK.

Cryptocurrency hackers and exploiters seemingly slowed down for the 2022 holidays as December saw $62.2 million worth of cryptocurrencies stolen, the “lowest monthly figure” of the year, according to CertiK.

The blockchain security company on Dec. 31 tweeted a list of the month’s most significant attacks. It highlighted the $15.5 million worth of exit scams as the method that stole the most value over the month, followed by the $7.6 million worth of flash loan-based exploits.

#CertiKStatsAlert

Combining all the incidents in December we’ve confirmed ~$62.2M lost to exploits, hacks and scams.

The lowest monthly figure this year.

Exit scams were ~$15.5M

Flashloans were ~$7.6M

See the details below pic.twitter.com/1ub3mYVv6K

— CertiK Alert (@CertiKAlert) December 31, 2022

A later tweet on Jan. 1 confirmed that the 23 largest exploits were responsible for around 98.5% of the $62.2 million figure, with the $15 million Helio Protocol incident on Dec. 2 the largest of the month.

The protocol, which manages the stablecoin HAY (HAY), suffered a loss when a trader took advantage of a price discrepancy in Ankr Reward Bearing Staked BNB (aBNBc) to borrow millions worth of HAY.

At the time, the decentralized finance (DeFi) protocol Ankr suffered a separate exploit where an attacker minted 20 trillion aBNBc, causing its price to plummet. The Helio trader quickly deposited aBNBc tokens to borrow 16 million HAY, causing the loan to be significantly undercollateralized, leading to the protocol’s loss and a depeg of its stablecoin.

The second largest incident of the month was the $12.9 million exploits of Defrost Finance’s v1 and v2 protocols on Dec. 23, where an attacker carried out a flash loan attack by adding a fake collateral token and a malicious price oracle to liquidate the protocol.

Days after the exploit, the hacker returned the funds stolen from the v1 protocol to an address controlled by Defrost, though funds are yet to have been returned for the v2 hack.

CertiK labeled the exploit an “exit scam” due to the fact an admin key was required to conduct the attack. Defrost denied the allegations to Cointelegraph, claiming the key was compromised.

The December figure is much lower than the month prior, seeing an 89.5% decrease from the $595 million worth of exploits across 36 major incidents CertiK recorded in November, a figure largely skewed by the $477 million hack of crypto exchange FTX.

#CertiKStatsAlert

36 major attacks were recorded in November totalling a loss of ~$595 Million.

As always, make sure a project has an audit & KYC before investing!

Remember to always #DYOR and read the audit reports! pic.twitter.com/UhiDU2itAm

— CertiK Alert (@CertiKAlert) December 1, 2022

Overall for 2022, just the largest 10 exploits of the year funneled around $2.1 billion to bad actors, largely on cross-blockchain bridges and DeFi protocols.

Illicit crypto usage as a percent of total usage has fallen: Report

A rapidly growing crypto market means that hacks and scams are accounting for less overall activity, and their percentage of total usage continues to decline.

Illicit cryptocurrency activity in 2021 and the first quarter of 2022 has declined as a percentage of overall crypto activity, according to blockchain forensics firm CipherTrace.

The cryptocurrency industry has long held a reputation in some jurisdictions as a haven for illegal activity. However, CipherTrace estimates that illicit activity was between 0.62% and 0.65% of overall cryptocurrency activity in 2020. The firm reported that it has now fallen to between 0.10% and 0.15% of overall activity in 2021.

In its “Cryptocurrency Crime and Anti-Money Laundering” report released Monday, CipherTrace outlined that the top ten decentralized finance (DeFi) hacks in 2021 and Q1 2022 netted attackers $2.4 billion.

Over half of that figure came from just two events, the largest being the late March 2022 Ronin Network exploit worth about $650 million and the $610 million August 2021 hack of the Poly Network, most of which was returned by the anonymous hacker.

Within a similar time period, Anti-Money Laundering (AML) related fines in the banking sector increased dramatically, with 80 institutions fined in 2021, up from just 24 in 2020, according to Kyckr.

While the total dollar amount of the fines fell from 2020, last year saw the banks pay $2.7 billion worth of fines for AML or Know Your Customer (KYC) related violations, the largest single fine totaling around $700 million.

While significant sums have been exploited in crypto, CipherTrace detailed the rapidly expanding crypto ecosystem, noting that the total crypto market activity for 2020 was around $4.3 trillion, which grew to approximately $16 trillion of activity just in the first half of 2021.

CipherTrace says that the growth of the crypto market also brings with it increased scrutiny from the world’s regulators, who are “starting to take decisive action to ensure that the space isn’t just a modern-day wild west.”

Some of the most significant regulatory events cited in the report include the United States President Biden’s crypto executive order in March to study blockchain technology, Dubai establishing a virtual assets regulator and the European Union’s proposed Anti-Money Laundering laws.

CipherTrace added organizations are going to have a “very real incentive to shape up” or face “heavy losses at the hands of the government,” adding it expects the threats existing in crypto will be the focus of future regulatory efforts.