A hacker known as Monkey Drainer has stolen US$1mn worth of Ethereum and NFTs in a hacking spree across just 24 hours.
The hack was reported by Twitter user ZackXBT who describes themselves as a “crypto sleuth” and a “rug pull survivor turned 2D detective”. A rug pull is a scam which sees malicious actors pose as a legitimate cryptocurrency project to attract investors, only to ‘pull out’ of the project before it is completed, leaving the investors with worthless cryptocurrency.
1/ Over the past 24 hrs ~700 ETH ($1m) has been stolen by the phishing scammer known as Monkey Drainer.
They recently surpassed 7300 transactions from their drainer wallet after being around for only a few months. pic.twitter.com/6vAYBiqCxQ
— ZachXBT (@zachxbt) October 25, 2022
The victims that suffered the most in the cyber-attack were referred to as 0x02a and 0x626, who lost a collective US$370,000 via malicious phishing sites operated by Monkey Drainer. 0x02a lost 12 NFTs worth around US$150,000 in the hack.
0x626 held around US$2.2mn in their cryptocurrency wallet at the time, however, some of the transactions pushed by Monkey Drainer were rejected by the network the wallet was on, leading to an overall actual loss of US$270,000 worth of cryptocurrency.
The wallets Monkey Drainer uses during hacks were being marked as suspicious. This led to their rejections by the majority of validators that are computers dedicated to maintaining the integrity of a blockchain.
Monkey Drainer is known for using phishing-based hacking techniques to steal from victims. They set up fake cryptocurrency and NFT sites, most notably posing as legitimate blockchain sites RTFKT and Aptos. Victims then enter sensitive details about their cryptocurrency wallets and sign off on transactions. This information then allows Monkey Drainer to access their wallets.