When crypto investor Ronald Moll clicked on an airdrop link shared by a trusted moderator in a Discord channel, little did he know that his account had been taken over by a scammer equipped with the popular Pink Drainer kit.
“I felt like a real idiot. How stupid would I have been to fall for this? Says Mall Magazine.
In a leak kit, a developer or team will be given a script alongside a tutorial on how to exploit cybercriminals for a fee.
“Sometimes, you get someone who can build a website for ‘the client' without any skills in that area, and they get 20% to 30% in return,” Plum, an anonymous blockchain security researcher, told the magazine.
Moll considers himself lucky that he doesn't have many tokens in that wallet.
However, not all victims share the same fate. Another anonymous investor, Trout, told the magazine that another malicious airdrop link lost $210,000 worth of crypto.
“I wanted to die,” says Trout.
The Pink Drainer Kit helped illegal actors steal at least $18 million worth of crypto assets from more than 9,000 victims last year, including the theft of $4.4 million from just one investor.
Table of Contents
ToggleCrypto Scams: Social Engineering, Hacking and Phishing
The developer of this drain, who goes by the name Rose, doesn't use the word “victims,” preferring to call those affected by the scam “participants.”
“A lot of people who are ‘watered down' are Chinese citizens who shouldn't be doing this whole DeFi thing in the first place. [and] Some Westerners will be caught in the crossfire,” Pink told the magazine.
Pink's clients often use social engineering tactics, including hacking influencers' social media accounts.
In late February, MicroStrategy's hacked X account shared a now-deleted tweet promoting a fake Ethereum token. A Phishing Scam Has Exposed More Than $420,000 in Cryptocurrencies
Blockchain records show that a portion of the loot from the MicroStrategy issue was transferred to a wallet linked to Rose Drainer.
Read more
Art week
Connecting the Dots: Collection and Collaboration in the World of Crypto Art
Main characteristics
Is China getting soft on Bitcoin? A turn of phrase inspires the crypto world.
With that, the world's largest corporate bitcoin holder, including Ethereum founder Vitalik Buterin and OpenAI chief technology officer Mira Murat, joined the list of public figures whose social media accounts have been used in phishing schemes linked to Rose Drainer.
“I don't feel any guilt or remorse when I benefit from the loss of participants,” Rose said, arguing that it is natural for one person to lose money for another's benefit.
“I'm not going to surprise anyone,” Pink added. I just code.
From fighting crypto scams to creating crypto scams
According to Plum, Rose has a fascinating history.
“Before he was pink, he was a security researcher — or at least he pretended to get a better look at the inner workings of some security projects,” says Plum.
The developer was known in the security community as “BlockDev” and allegedly operated the X account @ChainThreats, according to Plum.
The account has since been deactivated, but screenshots of Blockdev's activity can still be seen via Internet archive Wayback Machine.
Blockdev was known by a few members of the security community as someone who worked to sabotage the plans for the drains.
In particular, Blockdev has regularly attempted DDoS attacks or hacks against Monkey, a pioneer among drains that announced their retirement in March 2023.
The founder of blockchain security firm BlockMage Labs had one of his last exchanges with BlockDev before his fantasy venture went pink.
Fantasy says the two once hypothesized a possible attack on Venom Drainer's back-end system using specially crafted orders on the NFT marketplace obfuscation.
This effort eventually led to the disclosure of BlockDev's wallet address.
Read more
Main characteristics
Etiquette for Hiring Cheap Filipino Workers: Crypto in the Philippines Part 2
Main characteristics
When Worlds Collide: Merging Web3 and Crypto from Web2
“Later, he used the same wallet as a payee for his sewer service,” Fantasy explained.
BlockMage's founder remembers that BlockDev provided important insights and research on various security issues, albeit in a “humiliating” way.
“The last conversation I had with him before Blockdev disabled his Discord account was a brief one, with only an easily understood Pink Drainer alias, an acknowledgment from him, and a joke that later went offline,” Fantasy added.
Pink laundering, counterfeiting, crypto fraud and mental health
Rose told the magazine that he prefers to peg his ill-gotten gains to the value of the US dollar, an algorithmically stable coin.
As of March 8, Dai holds an Ethereum wallet with the tag “Rose Drainer” worth over $4.49 million.
The developer says there are no immediate plans to shift earnings to Fiat, preferring instead to “watch its stack grow”.
While the development of global crypto regulations and KYC requirements have created major obstacles for cybercriminals looking to liquidate their assets through centralized exchanges, Plum said there are still many alternative channels.
These include impersonating or purchasing KYC credentials or information from another person.
“Low income [and] Third world areas will gladly sell their identity information for that,” adds Plum.
In a now-deleted Telegram message to the magazine, Pink admitted that his physical and mental health was deteriorating.
The draining method has become all-consuming for Rose, causing her to lose sleep and focus on nothing else.
Rose has now stopped responding to the magazine.
“I'm a busy man,” says Pink's last message.
Subscribe
A very engaging read in Blockchain. It is given once a week.
John Yun
Yohan Yun is a multimedia journalist who has been reporting on blockchain since 2017. He has contributed as an editor to crypto media outlet Forkast and covered Asian technology stories as an assistant reporter for Bloomberg BNA and Forbes. He spends his free time cooking and experimenting with new recipes.