
Monkey Drainer-linked scammers possibly exposed after an on-chain quarrel

The scammer referred to their pseudonym during a blockchain message argument that may have revealed their actual identity, according to CertiK.

Blockchain security firm CertiK believes it has found the real-life identity of at least one scammer allegedly linked to the “Monkey Drainer” phishing scam.

Monkey Drainer is the pseudonym for a phishing scammer who uses smart contracts to steal NFTs through a process known as “ice phishing.”

The individual or individuals behind the phishing scam have stolen millions of dollars worth of Ether (ETH) via malicious copycat nonfungible token (NFT) minting websites. 
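To make “ice phishing” concrete: the drainer site never needs the private key, it only needs the victim to sign a legitimate-looking approval that hands a scammer-controlled operator the right to move every NFT in a collection. The following is an added example (not CertiK’s or the article’s code) that decodes the two standard approval calls and rates the risk of signing them, the kind of check a wallet can run before showing the prompt. The selectors are the standard ERC-20/ERC-721 ones; the operator address and calldata samples are constructed placeholders.

```python
# Function selectors: first 4 bytes of keccak256 over the canonical signature.
SELECTORS = {
    "a22cb465": "setApprovalForAll(address,bool)",  # ERC-721 / ERC-1155
    "095ea7b3": "approve(address,uint256)",         # ERC-20 / ERC-721
}
UINT256_MAX = (1 << 256) - 1


def _strip0x(h: str) -> str:
    return h[2:] if h.startswith("0x") else h


def encode_call(selector: str, address: str, value: int) -> str:
    """Build calldata for either call: selector + two 32-byte ABI words."""
    addr_word = _strip0x(address.lower()).rjust(64, "0")
    return "0x" + selector + addr_word + value.to_bytes(32, "big").hex()


def classify_calldata(calldata_hex: str) -> dict:
    """Decode an approval-granting call and rate the risk of signing it."""
    data = bytes.fromhex(_strip0x(calldata_hex))
    selector = data[:4].hex()
    sig = SELECTORS.get(selector)
    result = {"selector": selector, "function": sig, "risk": "unknown"}
    if sig is None:
        return result
    words = [data[4 + i:4 + i + 32] for i in range(0, len(data) - 4, 32)]
    if len(words) < 2 or len(words[1]) != 32:
        result["risk"] = "malformed"
        return result
    result["operator"] = "0x" + words[0][12:].hex()  # address sits in the low 20 bytes
    value = int.from_bytes(words[1], "big")
    if sig.startswith("setApprovalForAll"):
        result["approved"] = bool(value)
        # One signature hands the operator every token in the collection.
        result["risk"] = "high" if value else "low"
    else:
        result["amount"] = value
        result["risk"] = "high" if value == UINT256_MAX else ("medium" if value else "low")
    return result


# Constructed samples: a drainer-style blanket approval, its revocation,
# and an unlimited ERC-20 allowance. The operator is a placeholder address.
DRAINER_OPERATOR = "0x" + "11" * 20
SAMPLE_DRAIN = encode_call("a22cb465", DRAINER_OPERATOR, 1)
SAMPLE_REVOKE = encode_call("a22cb465", DRAINER_OPERATOR, 0)
SAMPLE_UNLIMITED = encode_call("095ea7b3", DRAINER_OPERATOR, UINT256_MAX)

if __name__ == "__main__":
    for name, cd in [("drain", SAMPLE_DRAIN), ("revoke", SAMPLE_REVOKE), ("erc20", SAMPLE_UNLIMITED)]:
        print(name, classify_calldata(cd))
```

A real wallet would additionally compare the operator against the contract the site claims to be (the copycat minting pages mentioned above point approvals at an attacker address, not the collection’s marketplace).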

In a Jan. 27 blog post, CertiK said it found on-chain messages between two scammers involved in a recent $4.3 million Porsche NFT phishing scam and was able to link one of them to a Telegram account involved in selling the Monkey Drainer-style phishing kit.

In one message, a person referring to themself as “Zentoh” referred to the person who stole the funds as “Kai.”

Zentoh was seemingly upset at Kai for not sending over a slice of the stolen funds. The message from Zentoh directs Kai to deposit the ill-gotten gains “at our address.”

An on-chain message from a person referring to themselves as “Zentoh,” upset they didn’t receive a portion of phished funds from a person they address as “Kai.” Source: CertiK

CertiK deduced the joint wallet was the address that received the $4.3 million in stolen crypto. The firm added there is a “direct link” between the joint wallet and “some of the most prominent Monkey Drainer scammer wallets.”

The wallet address tied to Zentoh is in turn tied to numerous addresses linked to the Monkey Drainer scam. Source: CertiK

Zentoh revealed in another message that the pair used Telegram to communicate. CertiK found an exact match for the pseudonym on the messaging app and identified it “to be running a Telegram group that sells phishing kits to scammers.”

The company found numerous other online accounts possibly linked to Zentoh, including one on GitHub that posted repositories for crypto drainer tools.

If the links between the accounts are legitimate, it reveals the identity of a French national living in Russia.

Cointelegraph reviewed accounts potentially related to the person and found public accounts that seemed to be interested in cryptocurrencies. Cointelegraph contacted the person but did not immediately receive a response.

Cointelegraph is not publishing the name of the person due to privacy concerns.

Related: Hackers take over Azuki’s Twitter account, steal over $750K in less than 30 minutes

Crypto wallet-draining phishing scams have unfortunately been used to great effect recently.

The co-founder of the Moonbirds NFT collection, Kevin Rose, fell victim to such a scam that led to over $1.1 million worth of his personal NFTs being stolen.

The influencer known on Twitter as “NFT God” suffered a similar fate after they downloaded malicious software from a Google Ad search result, with ETH and high-priced NFTs pilfered from their wallet.

3 ways scammers will try to fool you over Ethereum’s Merge

Besides fake ETH 2.0 tokens and malicious token airdrops, crypto users should also be on the lookout for staking pools offering attractive staking yields.

Scammers are likely to use excitement around the Ethereum Merge to launch new scams aimed at newbie crypto users, PolySwarm CEO and co-founder Steve Bassi has warned.

The Ethereum Merge is expected to take place within the next 24 hours.

Speaking to Cointelegraph, Bassi said these scams could come in the form of fake ETH 2.0 tokens, fraudulent mining pools and fake airdrops.

PolySwarm is a decentralized cybersecurity marketplace that connects cybersecurity experts to projects and companies through the use of bounties.

Fraudulent staking pools

The Ethereum upgrade marks the transition from the current proof-of-work (PoW) consensus mechanism to proof-of-stake (PoS).

Bassi said that for many Ether (ETH) holders, joining a staking pool will be their only way of reaping yield from staking rewards if they don’t have the 32 ETH required to become an independent validator.

“Staking is a pretty new concept for most of the crypto community and unless you’ve got 32 ETH lying around you’re going to have to join one of the staking pools to make a yield off your ETH.”

Bassi, however, warned that pooled staking providers “carry their own risk,” as they often require users to deposit their ETH and give up control of it.

Bassi said that upstart staking providers, which “may offer very attractive terms,” could perform “sudden rug pulls” that would affect those participating in the pool:

“This risk exists today with DeFi platforms/pools and tokens, but the Merge will give scammers a new character universe to work with.”

Upgrade scam

One of the more imminent threats involves scammers attempting to trick users into signing fraudulent transactions or parting with their private keys under the guise of migrating to the new Ethereum chain.

Bassi reiterated that the upgrade to proof-of-stake should be transparent, and a user should not need to do anything to migrate or preserve their ETH-based tokens, noting:

“We’ll likely see scammers try to get users to sign fraudulent transactions and/or leak private keys based on some false pretense that the user needs to do something to migrate chains.”

Fake airdrops

Another likely attack vector will come in the form of “fake airdrops,” added Bassi — convincing users to sign transaction messages or visit phishing sites in order to receive a bogus airdrop:

“The ETH Merge will be a good excuse for these scammers to masquerade as well-known, economically valuable, projects promising airdrops.”

“Those airdrops will likely redirect users to a phishing site where they may be fleeced out of their ETH, private keys, and/or crafted transaction signing attempts.”

The Ethereum Foundation has called the upcoming Merge the “most significant upgrade in the history of Ethereum” and has urged users to be on “high alert” for scams trying to take advantage of users during the transition. It has repeatedly warned there is no such thing as an ETH2 or ETH 2.0 coin.

Related: Vitalik Buterin impersonators ramp up ETH phishing ahead of The Merge

The upgrade is expected by most onlookers to be a success, given the experience on the previous testnets. However, Bassi said there could still be a chance that scammers or hackers have found a way to game the system:

“We don’t really know if a group of scammers/hackers out there has already developed an attack or DDoS technique against the chain which can be used post-Merge when ETH 2.0 has the full economic value of ETH 1.0 moved over.”

“If there were such an attack it’s likely to only temporarily affect the chain and, possibly, the market as there are a lot of smart eyes watching behavior post-Merge. However, an attacker will likely be looking for the opportunity to monetize any discoveries.”