A threat actor tracked as “Pink Drainer” is impersonating journalists in phishing attacks that compromise Discord and Twitter accounts, which are then used to steal cryptocurrency.

According to ScamSniffer analysts, Pink Drainer has compromised the accounts of 1,932 victims and stolen approximately $2,997,307 in digital assets on Mainnet and Arbitrum.

ScamSniffer’s on-chain monitoring bots caught the threat actor when they stole $327,000 worth of NFTs from a single victim.

Some of the threat actor’s recent targets are believed to include OpenAI CTO Mira Murati, Steve Aoki, Evmos, Pika Protocol, Orbiter Finance, Li-Fi, Flare Network, Cherry Network, and Starknet.

Total victims and losses (ScamSniffer)

Posing as journalists

Pink Drainer hijacks accounts through social engineering: the threat actors spend several days impersonating journalists from popular outlets such as Cointelegraph and Decrypt, conducting fake interviews with their victims.

Fake Decrypt page hosting an interview form (ScamSniffer)

After gaining the victim’s trust, the threat actors tell the target they must complete KYC (know your customer) verification to prove their identity, directing them to websites built to steal Discord authentication tokens.

These sites pose as legitimate bots, such as a Carl-bot verification step, and instruct the victim to add a bookmark containing malicious JavaScript using a “Drag Me” button on the malicious page.

This code steals Discord tokens, allowing the attackers to hijack accounts without knowing the user’s credentials or having any way to intercept the two-factor authentication code.

The malicious “Drag Me” button (ScamSniffer)
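A bookmark created by dragging a “Drag Me” button is a bookmarklet: its address uses the javascript: scheme, so clicking it runs code inside whatever tab is open, including a logged-in Discord session. One practical defender check is to scan a browser bookmark export for such entries. The script below is an added example, not code from ScamSniffer or from this article; it assumes the Netscape bookmark HTML format that Chrome and Firefox produce on export, and the sample export embedded in it is constructed for illustration.

```python
"""Scan a browser bookmark export for javascript: bookmarklets.

Chrome and Firefox export bookmarks in the "Netscape bookmark file"
HTML format: one <A HREF="..."> per bookmark inside <DT> elements.
A bookmarklet is a bookmark whose HREF uses the javascript: scheme;
clicking it executes that code in the context of the current page,
which is why a dragged "Drag Me" bookmark can read a Discord token.
"""
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample export for demonstration; not a real user's bookmarks.
SAMPLE_EXPORT = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<TITLE>Bookmarks</TITLE>
<DL><p>
    <DT><A HREF="https://decrypt.co/" ADD_DATE="1685000000">Decrypt</A>
    <DT><A HREF="javascript:(function(){alert('hello')})()" ADD_DATE="1685000001">Drag Me</A>
    <DT><A HREF="JavaScript:void(0)" ADD_DATE="1685000002">Harmless stub</A>
    <DT><A HREF="https://discord.com/channels/@me" ADD_DATE="1685000003">Discord</A>
</DL><p>
"""


class BookmarkParser(HTMLParser):
    """Collect (title, href) pairs from a Netscape bookmark file."""

    def __init__(self):
        super().__init__()
        self.bookmarks = []
        self._href = None
        self._title = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._title = []

    def handle_data(self, data):
        if self._href is not None:
            self._title.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.bookmarks.append(("".join(self._title).strip(), self._href))
            self._href = None


def parse_bookmarks(html):
    """Return every (title, href) bookmark found in the export."""
    parser = BookmarkParser()
    parser.feed(html)
    parser.close()
    return parser.bookmarks


def is_bookmarklet(href):
    """True when the bookmark address uses the javascript: scheme.

    The comparison ignores case and leading whitespace, since browsers
    accept both and a lure may rely on that to look less suspicious.
    """
    return href.lstrip().lower().startswith("javascript:")


def find_bookmarklets(html):
    """Return [(title, decoded_code)] for each javascript: bookmark.

    The code after the scheme is percent-decoded so a reviewer sees the
    actual script rather than an encoded blob.
    """
    findings = []
    for title, href in parse_bookmarks(html):
        if is_bookmarklet(href):
            code = unquote(href.lstrip().split(":", 1)[1])
            findings.append((title, code))
    return findings


if __name__ == "__main__":
    for title, code in find_bookmarklets(SAMPLE_EXPORT):
        print(f"bookmarklet {title!r}: {code}")
```

Run it against a fresh export of the affected profile’s bookmarks; every javascript: entry the user did not knowingly create should be deleted, and any Discord session that was open while such a bookmark existed should be treated as exposed and its token invalidated by changing the password, which logs out all sessions.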

To keep control of the account, the attackers make themselves admins and remove all other admins, so they can steal digital assets and sensitive information undisturbed.

When the account belongs to a well-known project or someone with a large following, the attackers use their access to promote fake giveaways, fake mints, cryptocurrency scams, and phishing pages.

Unfortunately, Pink Drainer remains active, so holders of high-profile digital assets should remain vigilant and treat media communications with suspicion.

If a journalist approaches you, contact the media outlet using the contact details listed on its official website and confirm that the message really came from them.

Cryptocurrency investors should not automatically trust promotions posted by legitimate accounts. Instead, confirm the authenticity of giveaways and token promotions by checking the platform’s website and its other social media channels.
