This is a phishing scam that happened recently where the victim lost about 150K in LINK, CBETH, and ILV. Most of the funds are still sitting in decentralized wallets.
50k+ went to an eXch deposit address. I can only assume the rest of the victim's funds will end up there as well.
- 0x373aDc79FF63d5076D0685cA35031339d4E0Da82 – 150K Phishing Victim
- 0x4f4314e1E81650497D46e5b2179f5F3430902011 – 150K Scammer
- 0xd93786Dfb7A8c399e063c8e695C0efb3ACb6da9b – 150K Scammer 1
- 0xafC584057969fdeA6F07E4c7B6E1f4E799Bd964D – 150K Scammer 1 1 [74K here]
- 0x3B6e65D82B5828e5539ADB63A9cBe7F35F7f780E – 150K Scammer 2
- 0x8470C613Bcd6866019487d8fC58cCcB23e4af0C2 – 150K Scammer 2 1
- 0x9fA7bB759641FCd37fe4aE41f725e0f653f2C726 – Pink Drainer
- 0xf1dA173228fcf015F43f3eA15aBBB51f0d8f1123 – eXch [About 50k sent here]
Mapping of the Scam
Above is a trace of all the wallets. So far, only a portion of the funds has been sent to deposit addresses (eXch).
How the Phishing Scam Works
Pink Drainer is a scam-as-a-service platform that drains victims' wallets once a user signs a malicious contract. It's becoming more popular with the “retirement” of other wallet drainers like Inferno.
The victim goes to a scam website, clicks on the link, and gives permission to connect their hot wallet. Once that is done, Pink Drainer springs into action, draining any and all assets in the wallet, starting of course with the token with the most assets and going down from there.
Pink Drainer takes 20%+ and the rest goes into the scammer's wallet. You can see the process in the image below.
Above are the victim's funds being dispersed between Pink Drainer and the scammer's wallet. Pink Drainer takes a percentage of the funds, usually 20%, before sending the rest to the scammer's fresh wallet.
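As an added example (not from the original post or from any tool it used), the sketch below flags this fee-split pattern in a list of exported token transfers, so the smaller-share recipient can be reviewed as a possible drainer service wallet. The addresses, amounts, the 15 to 35% fee band, and the assumption that both legs of a split share one transaction hash are all constructed for illustration.

```python
from collections import Counter, defaultdict
from decimal import Decimal

# Constructed sample rows (not real chain data):
# (tx_hash, token, sender, recipient, amount)
TRANSFERS = [
    ("0xtx1", "LINK", "0xVICTIM", "0xFEE", Decimal("200")),
    ("0xtx1", "LINK", "0xVICTIM", "0xSCAMMER", Decimal("800")),
    ("0xtx2", "ILV", "0xVICTIM", "0xFEE", Decimal("10.5")),
    ("0xtx2", "ILV", "0xVICTIM", "0xSCAMMER", Decimal("39.5")),
    ("0xtx3", "CBETH", "0xVICTIM", "0xEXCHANGE", Decimal("1")),  # single leg
    ("0xtx4", "LINK", "0xOTHER", "0xA", Decimal("50")),          # 50/50 split,
    ("0xtx4", "LINK", "0xOTHER", "0xB", Decimal("50")),          # not fee-like
]

def find_fee_splits(transfers, min_fee=Decimal("0.15"), max_fee=Decimal("0.35")):
    """Flag (tx, token, sender) groups that pay exactly two recipients
    where the smaller share falls inside the assumed fee band."""
    groups = defaultdict(lambda: defaultdict(Decimal))
    for tx, token, sender, recipient, amount in transfers:
        groups[(tx, token, sender)][recipient] += amount

    hits = []
    for (tx, token, sender), by_recipient in groups.items():
        if len(by_recipient) != 2:
            continue  # a fee split has one fee leg and one payout leg
        (fee_to, fee), (payout_to, payout) = sorted(
            by_recipient.items(), key=lambda kv: kv[1])
        total = fee + payout
        if total == 0:
            continue
        share = fee / total
        if min_fee <= share <= max_fee:
            hits.append({"tx": tx, "token": token, "victim": sender,
                         "fee_to": fee_to, "payout_to": payout_to,
                         "fee_share": share})
    return hits

def fee_collectors(hits):
    """Count how often each address received the smaller share; an address
    that repeats across drains is a candidate service wallet to label."""
    return Counter(h["fee_to"] for h in hits)

if __name__ == "__main__":
    for hit in find_fee_splits(TRANSFERS):
        print(hit)
    print(fee_collectors(find_fee_splits(TRANSFERS)))
```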
Wallet of Interest
Whenever I look at these scams/hacks I like to look at all connections. I did notice a Twitter account connected to one of the wallets interacting with the scammer's wallet.
0x56850f01f997A6FAE6533cFFcd036CC6c0D659a7 could very well be a victim as well. It's worth investigating a bit more.
Above is a look inside 0x4f4314e1E81650497D46e5b2179f5F3430902011. The label “filip_eek” is a wallet of interest with the two interactions. This could also be a victim losing RPL and PEPE. It's worth investigating further.
Thanks for reading!