phishing scam Archives | Protos
https://protos.com/tag/phishing-scam/
Informed crypto news

Pink Drainer ‘steps back from the grind’ after stealing $75M from victims
https://protos.com/pink-drainer-steps-back-from-the-grind-after-stealing-75m-from-victims/
Fri, 17 May 2024 13:09:12 +0000

Pink Drainer apologized for "the lack of prior notice" before thanking customers who have used it to steal more than $75M in the past year.

The post Pink Drainer ‘steps back from the grind’ after stealing $75M from victims appeared first on Protos.

Prolific wallet-draining service Pink Drainer has announced its retirement in a private Telegram chat, according to blockchain sleuth ZachXBT.

The scam-as-a-service apologizes for “the lack of prior notice” before thanking its many customers, phishing scammers who have used it to steal more than $75 million over the past year.

The message makes no mention of remorse for the nearly 20,000 victims, instead assuring the scammers that any data will be “wiped and securely destroyed.”

They also warn of impersonators, before urging those who have made enough money from the scams to “take a step back from the grind and enjoy what this world has to offer.”

What are wallet drainers?

Wallet drainers are out-of-the-box malware packages that are developed for use by phishing scammers.

Victims are lured in with false airdrop announcements or promises of lucrative returns, and the drainer script is then served to their wallet for signing. The proceeds of successful thefts are automatically split between the scammer and the drainer’s developer at a rate determined within the code.

Links to the scam websites are often propagated throughout the crypto community via hijacked X (formerly Twitter) accounts, search-engine ads, Telegram groups, and leaked mailing lists. Drainer developers are constantly adjusting their methods to avoid detection by wallet software.

Past drainers

Pink Drainer is the latest in a succession of wallet drainers to have hunted crypto users over the past two years.

The first widely successful example, Monkey Drainer, mainly focused on high-value NFTs such as Bored Ape Yacht Club before retiring in February 2023 having facilitated $16.5 million of losses.

Others include Venom Drainer, which began charging an access fee of $1,000 to cut down on ‘time wasters,’ and Inferno Drainer, which announced its own shutdown in November last year, claiming to have drained over $80 million worth of assets.

Although no other service was recommended by Pink Drainer, it said it expects there will be “no major impact on the scene,” as another drainer will certainly fill the gap in the market.

Drainers, along with so-called ‘address poisoning’ attacks, see a constant stream of victims lose relatively small amounts, but also regularly result in six- and seven-figure losses.

While victims usually lose only a small amount, there are exceptions.

A lucrative business

Since the post, X user ScamSniffer’s Dune dashboard has been updated with further data, suggesting that the total drained via Pink Drainer may be over $85 million.

Crypto security firm SlowMist has been tracking the flow of funds through Pink Drainer’s addresses, noting that a significant portion of the stolen funds has been converted to MakerDAO’s sDAI, currently earning 10% interest.

Peckshield adds that the two addresses account for around 1.3% of the sDAI supply (18.1 million tokens), and would be the eleventh largest sDAI holder if the holdings were combined.

According to DeFiLlama, Dai is the third largest USD stablecoin by market cap, behind Tether’s USDT and Circle’s USDC. It’s also the only one of the three that can’t be frozen by the issuers which, along with its substantial liquidity, makes it an attractive choice for hackers and scammers.

In a Wednesday post to X, MakerDAO’s founder Rune Christensen laid out plans for two new stablecoins, NewStable and PureDai, as part of Maker’s ‘endgame’ plan. NewStable (currently a working title) would include the option to implement a freeze function with an eye to compliance with ‘the industry standard of other major RWA-backed stablecoins.’

However, Christensen added, “Dai will remain as it is today with no possibility of adding a freeze function due to the technical immutability of its ERC-20 implementation.”

If you filled in a form from Trezor, you may have to change your wallet
https://protos.com/if-you-filled-in-a-form-from-trezor-you-may-have-to-change-your-wallet/
Thu, 25 Jan 2024 16:17:10 +0000

This phishing attack comes barely a week after Trezor suffered a breach that exposed information belonging to more than 65,000 users.

The post If you filled in a form from Trezor, you may have to change your wallet appeared first on Protos.

Hardware wallet company Trezor has advised any of its newsletter subscribers who have entered their seed phrases into any form sent to them, particularly if it was via email, to transfer their funds to another wallet immediately.

The company issued the advice via X (formerly Twitter) a few hours after it confirmed that it had detected an unauthorized email impersonating Trezor sent from a third-party email provider it uses.

Trezor told users that, if they received a suspicious email with the subject line ‘Assets undergoing upgrade’ from the ID: noreply@trezor.io, they should avoid clicking on any links or providing any information.

It then suggested they delete the email immediately.

In the same thread, Trezor moved to reassure users that if they haven’t entered their details, their funds are safe, and said it had “swiftly managed to deactivate the malicious link within the email text immediately and limited the reach of the threat.”

This phishing attack comes barely a week after Trezor suffered another security breach that reportedly exposed sensitive information belonging to more than 65,000 users.

Trezor said that it identified a breach of its third-party support portal on January 17 and cautioned that users who’ve interacted with its support team since December 2021 may have had their data compromised.

Terra warns users after hackers turn domain into a ‘phishing site’
https://protos.com/terra-warns-users-after-hackers-turn-domain-into-a-phishing-site/
Mon, 21 Aug 2023 14:05:02 +0000

Terra has advised users to only refer to its official X (formerly Twitter), Telegram, and Discord channels for updates.

The post Terra warns users after hackers turn domain into a ‘phishing site’ appeared first on Protos.

Collapsed crypto ecosystem Terra has warned whatever users it has left to “avoid interacting with sites with the terra(dot)money domain” until further notice after it was apparently hacked and used to carry out phishing attacks.

According to web3 developer and X user Kiruse, as of today, the site was “still a phishing site” and users were warned not to enter their seed phrase.

Terra’s official X account has advised its users to only refer to its official X (formerly Twitter), Telegram, and Discord channels for updates.

There appears to have been significant confusion around the status of the site since the problem was first announced by Terra on August 19. Terra claimed that “sites are coming back online,” however, two days later, there’s still no official announcement that the problem has been solved.

Despite Terra’s domain-related problems, the company’s blockchain infrastructure apparently remains secure.

Since its collapse in May last year, the problems have kept coming for Terra and its parent company Terraform Labs.

Back in April, the company’s co-founder Daniel Shin was indicted in South Korea on several charges, including violations of capital markets law.

Nine other people were indicted alongside Shin and authorities froze a combined 247 billion won ($185 million).

In July, a New York judge denied a motion to dismiss by Terraform Labs in its ongoing case with the Securities and Exchange Commission (SEC). The judge denied claims from Terraform Labs and its founder Do Kwon that the agency lacked jurisdiction and that the TerraUSD stablecoin didn’t qualify as a security.
