monkey drainer

Notorious Monkey Drainer crypto scammer says they’re ‘shutting down’

The scammer behind the crypto wallet draining kit even recommended an alternative and gave advice to budding cybercriminals.

The cryptocurrency phishing scammer behind some of the most high-profile and high-value Web3 thefts claims to have packed up shop, saying it was “time to move on to something better.”

The scammer with the pseudonym Monkey Drainer posted to their Telegram channel on March 1 that they “will be shutting down immediately” and all “files, servers and devices” related to the drainer “will be destroyed immediately” and it “will not return.”

Monkey Drainer’s full message posted to Telegram recommending an alternative service. Source: Telegram

The scammer even gave advice to budding “young cyber criminals” saying they shouldn’t “lose themselves in the pursuit of easy money” and only those “with the highest level of dedication” should operate a “large scale cybercrime” outfit.

Monkey Drainer even recommended a “flawless” alternative service to the one they once offered, named “Venom Drainer,” and pointed to a Telegram account for the service that was created only a day before Monkey’s announcement.

Blockchain security firm PeckShield tweeted on March 1 that within the last day, Monkey Drainer’s wallet deposited around 200 Ether (ETH) worth $330,000 into the crypto mixing service Tornado Cash, attempting to obscure their funds. There was 840 ETH, worth $1.4 million, still in their primary wallet.

Blockchain security firm CertiK also shared Monkey’s message on a March 1 tweet, saying the crypto wallet-draining kit they offered is understood to take a 30% “commission” of funds stolen funds from others’ use of the software.

Wallet-draining kits from other providers have copied the model, and CertiK pointed to other vendors already reporting an uptick in requests since Monkey Drainer announced the shutdown.

Monkey Drainer is understood to have operated since late 2022 and is estimated to have stolen up to $13 million worth of cryptocurrencies and nonfungible tokens since that time.

Related: Monkey Drainer-linked scammers possibly exposed after an on-chain quarrel

Other copycat phishing scammers and wallet-draining kits have stolen much more. A report from Web3 bug bounty platform Immunefi revealed $3.9 billion worth of crypto was lost to hacks, frauds, scams and rug pulls in 2022.

Possibly one of the single most high-profile and high-value theft by a wallet drainer in recent times was the January attack on Kevin Rose, the co-founder of the Moonbirds NFT collection.

Rose’s wallet was drained after he approved a malicious signature on a phishing website that transferred over $1.1 million worth of his personal NFTs to the attacker.

Monkey Drainer-linked scammers possibly exposed after an on-chain quarrel

The scammer referred to their pseudonym during a blockchain message argument that may have revealed their actual identity, according to CertiK.

Blockchain security firm CertiK believes to it has found the real-life identity of at least one scammer allegedly linked to the “Monkey Drainer” phishing scam.

Monkey Drainer is the pseudonym for a phishing scammer who uses smart contracts to steal NFTs through a process known as “ice phishing.”

The individual or individuals behind the phishing scam have stolen millions of dollars worth of Ether (ETH) via malicious copycat nonfungible token (NFT) minting websites. 

In a Jan. 27 blog, CertiK said it found on-chain messages between two scammers involved in a recent $4.3 million Porsche NFT phishing scam and was able to link one of them to a Telegram account involved in selling the Monkey Drainer-style phishing kit. 

One message revealed a person referring to themself as “Zentoh” and referred to the person who stole the funds as “Kai.”

Zentoh was seemingly upset at Kai for not sending over a slice of the stolen funds. The message from Zentoh directs Kai to deposit the ill-gotten gains “at our address.”

An on-chain message from a person referring to themselves as “Zentoh,” upset they didn’t receive a portion of phished funds from a person they address as “Kai.” Source: CertiK

CertiK deduced the joint wallet was the address that received the $4.3 million in stolen crypto. The firm added there is a “direct link” between the joint wallet and “some of the most prominent Monkey Drainer scammer wallets.”

The wallet address tied to Zentoh is in turn tied to numerous addresses linked to the Monkey Drainer scam. Source: CertiK

Zentoh revealed in another message that the pair used Telegram to communicate. CertiK found an exact match for the pseudonym on the messaging app and identified it “to be running a Telegram group that sells phishing kits to scammers.”

The company found numerous other online accounts possibly linked to Zentoh, including one on GitHub that posted repositories for crypto drainer tools.

If the links between the accounts are legitimate, it reveals the identity of a French national living in Russia.

Cointelegraph reviewed accounts potentially related to the person and found public accounts that seemed to be interested in cryptocurrencies. Cointelegraph contacted the person but did not immediately receive a response.

Cointelegraph is not publishing the name of the person due to privacy concerns.

Related: Hackers take over Azuki’s Twitter account, steal over $750K in less than 30 minutes

Crypto wallet-draining phishing scams have unfortunately been used to great effect recently.

The co-founder of the Moonbirds NFT collection, Kevin Rose, fell victim to such a scam that led to over $1.1 million worth of his personal NFTs being stolen.

The influencer known on Twitter as “NFT God” suffered a similar fate after they downloaded malicious software from a Google Ad search result, with ETH and high-priced NFTs pilfered from their wallet.