150K Stolen in Phishing Scam (Pink Drainer)

This is a phishing scam that happened recently where the victim lost about 150K in LINK, CBETH, and ILV. Most of the funds are still sitting in decentralized wallets.

50k+ went to an eXch deposit address. I can only assume the rest of the victim's funds will end up there as well.

The Wallets

Victim Wallet

  • 0x373aDc79FF63d5076D0685cA35031339d4E0Da82 – 150K Phishing Victim

Scammer Wallets

  • 0x4f4314e1E81650497D46e5b2179f5F3430902011 – 150K Scammer
  • 0xd93786Dfb7A8c399e063c8e695C0efb3ACb6da9b – 150K Scammer 1
  • 0xafC584057969fdeA6F07E4c7B6E1f4E799Bd964D – 150K Scammer 1 1 [74K here]
  • 0x3B6e65D82B5828e5539ADB63A9cBe7F35F7f780E- 150K Scammer 2
  • 0x8470C613Bcd6866019487d8fC58cCcB23e4af0C2- 150K Scammer 2 1
  • 0x9fA7bB759641FCd37fe4aE41f725e0f653f2C726 – Pink Drainer

Deposit Addresses

  • 0xf1dA173228fcf015F43f3eA15aBBB51f0d8f1123 – eXch [About 50k sent here]

Mapping of the Scam

Above is a trace of all the wallets. So far, only a portion of the funds have been sent to deposit addresses (eXch).

How the Phishing Scam Works

Pink Drainer is a Scam as a Service platform that drains victims wallets once a user signs a malicious contract. It's becoming more popular with the “retirement” of other wallet drainers like Inferno.

The victim goes to a scam website, clicks on the link, and gives permission to connect your hot wallet. Once that is done, Pink Drainer springs into action, draining any and all assets in the wallet. Starting of course with the token with the most assets and going down from there.

Pink Drainer takes 20%+ and the rest goes into the scammers wallet. You can see the process in the image below.

Above is victim's funds getting dispersed between Pink Drainer and the scammer's wallet. Pink Drainer takes a % of funds, usually 20%, before sending the rest to the scammer's fresh wallet.

Wallet of Interest

Whenever I look at these scams/hacks I like to look at all connections. I did notice a Twitter account connected to one of the wallets interacting with the scammer's wallet.

0x56850f01f997A6FAE6533cFFcd036CC6c0D659a7 could very well be a victim as well. It's worth investigating a bit more.

Above is a look inside 0x4f4314e1E81650497D46e5b2179f5F3430902011. The label “filip_eek” is a wallet of interest with the two interactions. This could also be a victim losing RPL and PEPE. It's worth investigating further.

Thanks for reading!

reddit imagereddit imagereddit image

16 thoughts on “150K Stolen in Phishing Scam (Pink Drainer)”

  1. Hello jbtravel84. It looks like you might have found a new scam? If so, please report this scam by crossposting to r/CryptoScams, r/CryptoScamReport, or visiting scam-alert.io. For tips on how to avoid scams, click here.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  2. technology advance daily and scammers continue to gain ground. i was a victim of scam last year and about $1K was moved from my wallet

  3. A reminder for us to stay vigilant, please how do one enhance his security practices to escape events like this.

  4. I’m sure it’s just that Nigerian Prince. He’ll be emailing me any mini now to tell me he has millions he needs to send to people but just needs my assistance. I’ll be well paid to help him.

  5. Another hot wallet victim bites the dust. Buy, put in cold storage, dont try to whore your crypto out for bullshit yield and hold long term. I dont get what is so hard to understand about that concept.

  6. Just want to clarify a few things: Pink Drainer is the name of the group and service they provide. It’s not a new technique. They use traditional phishing tactics like Pig’s Butchering.


    > The victim goes to a scam website, clicks on the link, and gives permission to connect your hot wallet. Once that is done, Pink Drainer springs into action, draining any and all assets in the wallet.

    Connecting your wallet to the site cannot drain your wallet by itself. You still have to provide a signature for a transaction for them or get your device compromised.

  7. I always interact with my secondary wallet to any site . Don’t connect your primary wallet anywhere guys . You can send fund to your secondary wallet and do whatever you want to do

Comments are closed.