As Ethereum Security Tightens, Drainers Move to TON and Bitcoin – Cointelegraph Magazine
6 months ago Benito Santiago
The TON blockchain has been the crypto success story of 2024. Toncoin's price has increased more than fivefold over the past year, and it has risen into the top 10 cryptocurrencies by market capitalization.
Viral clicker games like Notcoin and Hamster Kombat have helped drive daily active addresses above Ethereum's.
The 900 million users of Telegram's messaging platform delight fans who see TON as a big adoption play.
The eye-watering numbers are a dream for the project, but they are also a fresh well for drainers stuck on Ethereum, where the pool of victims is starting to dry up.
Israel-based security firm Blockaid has reported that crypto drainers have begun migrating to The Open Network (TON), the blockchain integrated with the Telegram messaging app.
“We're seeing a lot of drainers showing more interest in the TON ecosystem [because] there's a lot of value on the TON side,” Raz Niv, founder of Israel-based security firm Blockaid, told Magazine.
Crypto newcomers who have come to the platform for gaming are good, unsophisticated drain targets.
To make matters worse, drainer activity on TON is relatively new, and the network's wallets don't yet have the security tools that older chains like Ethereum do.
One TON drainer has been seen luring victims with a promise of 5,000 USDT. The scheme uses TON's unique comment feature, which lets a transfer carry a customized message that appears at the signing stage in the wallet.
When the transfer pops up reading “Receive 5,000 USDT” with a “Verify” button, victims are unaware that they are actually signing a token drain.
This simple yet effective method has yielded at least 22,000 TON (about $152,000) to one particular drainer.
Recently, the same suspicious address was seen running a phishing campaign related to the Notcoin airdrop.
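A wallet-side check for the comment lure described above, as an added example that is not from the article or from any wallet's code. The request format (`to`, `amount_nano`, `comment`), the word list and the 90% threshold are assumptions made for illustration.

```python
import re

NANO = 10**9  # 1 TON = 1,000,000,000 nanotons

# Constructed word list: a comment that talks about money ARRIVING makes no
# sense on a request that asks the user to SEND funds.
INBOUND = re.compile(r"\b(receive|received|claim|airdrop|reward|refund)\b", re.I)


def review_transfer(req, balance_nano):
    """Return warnings for an outgoing transfer request awaiting signature.

    `req` is a hypothetical, simplified request with three fields:
    to (address), amount_nano (int), comment (text chosen by the requester).
    """
    warnings = []
    comment = (req.get("comment") or "").strip()
    amount = int(req["amount_nano"])
    if INBOUND.search(comment):
        warnings.append("comment claims incoming funds on an outgoing transfer")
    if balance_nano > 0 and amount * 10 >= balance_nano * 9:
        share = 100 * amount // balance_nano
        warnings.append(f"sends {share}% of the wallet balance")
    return warnings


def confirmation_text(req, balance_nano):
    """Build the signing prompt: the real debit first, the comment last and
    labelled as untrusted, followed by any warnings."""
    lines = [
        f"You SEND: {int(req['amount_nano']) / NANO:.2f} TON",
        f"To: {req['to']}",
        f"Note from requesting site (unverified): {req.get('comment') or '-'}",
    ]
    lines += [f"WARNING: {w}" for w in review_transfer(req, balance_nano)]
    return "\n".join(lines)


# Constructed sample requests (placeholder addresses, not real ones).
LURE = {"to": "EQ_PLACEHOLDER_A", "amount_nano": 98 * NANO,
        "comment": "Receive 5,000 USDT"}
NORMAL = {"to": "EQ_PLACEHOLDER_B", "amount_nano": 2 * NANO,
          "comment": "lunch split"}

if __name__ == "__main__":
    print(confirmation_text(LURE, 100 * NANO))
    print(confirmation_text(NORMAL, 100 * NANO))
```

The point of `confirmation_text` is ordering: the amount leaving the wallet is stated by the wallet itself, and the requester-supplied comment is shown as untrusted text rather than as the headline of the prompt.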
“Phishing scams are on the rise as TON gains popularity. ScamSniffer detected an increase in TON phishing sites last month,” the security firm warned on Twitter in May.
Magazine found TON drainer scripts on sale for $300, via Telegram, naturally.
What are wallet drainers and how do they affect TON?
Drainers are malicious tools sold to illegal actors to steal cryptocurrencies. Fraudsters typically hook investors with phishing links that set them up to have their assets stolen.
For example, a user posting on X about a stuck Coinbase transaction will often see dozens of responses from fake Coinbase support staff, leading to a fake website that tricks users into connecting their wallets for help. Similarly, a post about revoking old token approvals (which is a good idea to avoid exploits) may lead to a drainer.
In May, victims lost $42 million to phishing scams, with 80% of those victims on Ethereum, according to Scam Sniffer. That's up from $38.6 million in April, but down from $75 million in March.
Many of these drainers are looking for new opportunities because business has become more difficult on chains like Ethereum, where security tools are increasingly able to sniff out malicious communications and requests with greater accuracy.
Blockaid is a security tool that poses a major threat to the drainer industry. Integrated with wallets like MetaMask and Coinbase, the service simulates transactions behind the scenes and flags suspicious ones.
When a threat is detected, Blockaid displays a warning in the wallet to alert users to potential losses (some investors still decide to continue despite multiple warnings).
“Blockaid bypass” has become a popular advertised feature of active drainers, although not all of them work.
Blockaid's wallet integrations over the past year played a key role in drainers closing shop, with Violet Drainer being one of the latest examples, directly citing Blockaid as the reason for its shutdown.
Violet Drainer announced its shutdown in April 2024, citing a falling success rate due to Blockaid's security tools as the main reason.
“Many drainers have been blocked due to a few attacks [and] the Telegram channel was sold for $7,000 and is now under ‘new management,’” a former operator of Violet Drainer's Telegram channel told Magazine.
“He [the new manager] is also draining, but he has a private drainer that he says has a full Blockaid bypass,” they say.
Private drainers operate in gated communities. In some cases, newcomers need a stamp of approval from a team member to get onboarded to drainer services.
The Violet Drainer operator added that drainers are switching to a “new coin” that “can now be drained.”
“In my opinion, it is better than SOL and ETH drain,” says the operator.
When asked which cryptocurrency the drainers were moving to, the operator declined to comment because it “brings heat to the community.”
But across several Telegram communities of drainer operators, the TON and Bitcoin networks have emerged as prime candidates to become the new hot zones for drainers.
Blockaid's Niv tells Magazine that drainers support TON.
EVM to TVM drain
The increasing difficulty of operating on Ethereum and Ethereum Virtual Machine-compatible blockchains makes the growing popularity of TON attractive. The blockchain's user base is exploding on the back of viral mini-apps with the promise of future airdrops.
According to Token Terminal, the network had a record 5.7 million monthly users as of June 14, up from just 228,000 at the start of the year.
But it's not as easy as simply moving to TON, especially since TON is not an EVM-based blockchain. Drainer developers have started to offer multichain products for EVM chains like Ethereum, Binance's BNB Chain or Avalanche.
For non-EVM chains like TON, developers have to build new drainer products.
That doesn't mean TON comes with new security vulnerabilities, but rather that advanced security tools and fraud detectors haven't yet been integrated into the network's wallets.
Telegram's privacy-focused nature (encrypted messaging, though not end-to-end encryption) appeals to users who feel that mainstream messaging apps aren't focused enough on data protection and privacy. According to founder Pavel Durov, the messaging app has 900 million users.
However, its privacy-focused design has made the app a ripe platform for illegal activities, and some have dubbed it the new “dark web.”
Blockaid says it is working on security measures for various blockchains, including TON, but says it is not interested in sharing information and data that illegal actors could use to take advantage of the company.
“Because of this cat-and-mouse game, everything we show publicly is used by the drainers to try and get around us,” Niv says.
The rise of TON
TON's rise comes at a time when the popularity of Telegram-based games is exploding, which recently pushed the network's daily active address count above Ethereum's, excluding users on layer 2s.
NotCoin, a viral Telegram game that rewards users for tapping their screen, reportedly has 35 million users. Its spiritual successor, Hamster Kombat, claims to have a player base of over 150 million users.
Where there are more users and more profit in crypto, you will find scammers and thieves.
TON's integration with Telegram, a privacy-promoting app, makes it even more convenient for fraudsters.
Telegram has been growing as an alternative to the dark web in recent years as cybercriminals flock to messaging apps from the traditional dark web.
A social engineering Telegram channel with over 5,500 members, monitored by Magazine, is a marketplace where crypto criminals buy and sell services such as SIM swapping and exchange accounts that have passed Know Your Customer verification.
Scammers are frequently seen arguing after being scammed by another channel member.
Draining is one of the services frequently offered in such Telegram channels.
Tons of great for them
Magazine has found a separate Telegram channel that sells TON drainer scripts.
Since the product is still an early version, it is advertised as a wallet-draining script that only works with the Tonkeeper wallet.
At the time of writing, the drainer only works for two types of tokens, Toncoin and jettons (TON's fungible tokens). The full source code is being sold for $1,000, while a simplified version is available for $300.
The millions of users who are joining the TON blockchain hoping to receive airdrops via various Telegram mini-apps are not crypto-natives and are being introduced to wallets and seed phrases for the first time through this viral experience.
Unfortunately for them (but thankfully for drainers), Blockaid doesn't support the TON network yet.
Newcomers to crypto who are not yet fully aware of the risks posed by drainers may have to find out the hard way until security tools are installed on the relatively new network.
“We started with Ethereum – they blocked them there. They moved to Solana – they blocked them there. Now, they are moving to TON. After this, they will be on the next chain,” says Niv.
Are Bitcoin drainers coming for you next?
Ethereum-based assets, particularly ERC-20 tokens, are the most liquid assets in the world, but even they have limitations, said Koss, founder of security firm SlowMist.
That is because only one ERC-20 asset, such as USDT or USDC, can be drained in a single transaction. The exception is that multiple tokens can be drained when the user authorizes platform contracts (such as OpenSea Seaport or Uniswap Permit2).
In Bitcoin, transactions use the UTXO model, where each transaction can include multiple inputs (unspent outputs from previous transactions) and multiple outputs (new UTXOs).
“Since all Bitcoin-based assets (including native Bitcoin) exist as UTXOs, if a user is liquidated, all of their Bitcoin-based assets can be withdrawn at once in a single transaction,” Koss explained.
This means that if an attacker gains control of a user's wallet, they can create a transaction that consolidates all of the user's UTXOs, draining all Bitcoin-based assets in a single transaction, including BRC-20s, Ordinals, Runes and native Bitcoin.
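A pre-signing review that surfaces this multi-input sweep pattern, as an added example that is not from the article or from any vendor's product. The transaction and wallet structures, outpoints and addresses are constructed placeholders, and asset tracking is simplified as noted in the code.

```python
def review_unsigned_tx(tx, wallet_utxos, own_addresses):
    """Summarise what an unsigned transaction would do to this wallet.

    tx: {"inputs": [outpoint, ...], "outputs": [{"address", "sats"}, ...]}
    wallet_utxos: {outpoint: {"sats": int, "asset": str or None}}
    Simplification: an asset-bearing UTXO counts as leaving whenever it is
    spent and any output pays a foreign address (no sat-level tracking).
    """
    spent = [wallet_utxos[o] for o in tx["inputs"] if o in wallet_utxos]
    spent_sats = sum(u["sats"] for u in spent)
    returned = sum(o["sats"] for o in tx["outputs"] if o["address"] in own_addresses)
    foreign = any(o["address"] not in own_addresses for o in tx["outputs"])
    assets = sorted({u["asset"] for u in spent if u["asset"]}) if foreign else []

    flags = []
    if len(wallet_utxos) > 1 and len(spent) == len(wallet_utxos) and returned == 0:
        flags.append("sweeps every wallet UTXO with no change returned")
    if assets:
        flags.append("spends asset-bearing UTXOs: " + ", ".join(assets))
    return {"inputs_spent": len(spent), "net_loss_sats": spent_sats - returned,
            "assets_leaving": assets, "flags": flags}


# Constructed wallet state: placeholder outpoints and addresses.
WALLET = {
    "aa:0": {"sats": 150_000, "asset": None},
    "bb:1": {"sats": 546, "asset": "ordinal"},
    "cc:0": {"sats": 546, "asset": "rune"},
    "dd:2": {"sats": 330, "asset": "brc-20"},
}
OWN = {"bc1q_own_placeholder"}
DRAIN_TX = {"inputs": ["aa:0", "bb:1", "cc:0", "dd:2"],
            "outputs": [{"address": "bc1q_other_placeholder", "sats": 151_000}]}
PAYMENT_TX = {"inputs": ["aa:0"],
              "outputs": [{"address": "bc1q_shop_placeholder", "sats": 50_000},
                          {"address": "bc1q_own_placeholder", "sats": 99_500}]}

if __name__ == "__main__":
    for name, tx in (("drain", DRAIN_TX), ("payment", PAYMENT_TX)):
        print(name, review_unsigned_tx(tx, WALLET, OWN))
```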
Blockchain forensics firm Chainalysis reported in May that the first Bitcoin drainer was masquerading as the website of Magic Eden, a non-fungible token marketplace that supports Bitcoin Ordinals.
This drainer stole about $500,000 in more than 1,000 transactions through April 2024, according to Chainalysis.
But an earlier incident noted by Koss suggests that Bitcoin drainers are already a year old.
In June 2023, a social media user reported a scam posing as a BRC-20 project with a suspicious phishing link.
TON's rise provides a new frontier for drainers, extending their life as Ethereum's security grows stronger.
Some of the most successful drainers have decided to retire. Rose Drainer hung up its boots after stealing $85 million. Inferno Drainer shut down in late 2023 after stealing $70 million, but became active again in May.
TON's exploding user base of crypto newcomers and Telegram's privacy features are giving illegal actors new opportunities and a sea of victims. The lack of reliable security tools like Blockaid on the TON network (for now) exacerbates the vulnerability of these users.
This is part of an ongoing “cat-and-mouse game,” according to Niv, where security firms and cybercriminals are fighting to outwit each other.
Once a security measure is in place for the TON network, a new threat is bound to emerge, as the UTXO model gives bad actors an effective way to drain in the wake of the recent anomalous events on Bitcoin.
Violet Drainer's operator calls this a “new era of draining,” with private drainers and threats across multiple blockchains.
But Blockaid claims it is one step ahead of the drainers and can still detect and track draining activity, both public and private.
Yohan Yun
Yohan Yun is a multimedia journalist who has been reporting on blockchain since 2017. He has contributed as an editor to crypto media outlet Forkast and covered Asian technology stories as an assistant reporter for Bloomberg BNA and Forbes. He spends his free time cooking and experimenting with new recipes.