A hacking group tracked as “Pink Drainer” is impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency theft.
According to ScamSniffer analysts, Pink Drainer has compromised the accounts of 1,932 victims to steal approximately $2,997,307 in digital assets from Mainnet and Arbitrum.
ScamSniffer’s on-chain surveillance bots caught the threat actor when they stole $327,000 worth of NFTs from a single person.
Pretending to be journalists
Pink Drainer hijacks accounts via social engineering, where threat actors spend a few days impersonating journalists from popular outlets like Cointelegraph and Decrypt to conduct fake interviews with victims.
After gaining their victim’s trust, the threat actors tell targets that they need to complete KYC (know your customer) verification to prove their identity, guiding them to websites used to steal Discord authentication tokens.
The code on these sites steals the victim’s Discord token, which allows the attackers to hijack the account without knowing the user’s credentials or having any way to intercept the two-factor authentication code.
To extend their control over the account, the attackers set themselves as admins and remove all other admins so they can steal digital assets and sensitive information undisturbed.
Unfortunately, Pink Drainer remains active, so holders of high-profile digital assets should remain vigilant and treat media communications with suspicion.
If a journalist approaches you, contact the media outlet using the contact details provided on their official website and check that the message is indeed from them.
Cryptocurrency investors should not automatically trust promotions posted by legitimate accounts. Instead, confirm the authenticity of any giveaway or token promotion by checking the platform’s website and other social media channels.