Hackers Stole $3 Million By Impersonating Crypto Journalists

"A hacking group tracked as 'Pink Drainer' is impersonating journalists in phishing attacks to compromise Discord and Twitter accounts for cryptocurrency-stealing attacks."

  • "Pink Drainer hijacks accounts through social engineering, where the threat actors spend a couple of days impersonating journalists from popular media outlets like Cointelegraph and Decrypt to conduct phony interviews with the victims."
  • "After gaining their victim's trust, the threat actors tell the targets they must conduct a KYC (know your customer) validation to prove their identity, guiding them to websites used to steal Discord authentication tokens, which enable the attackers to hijack the accounts without knowing the user credentials or having a way to intercept the two-factor authentication code."
  • "To extend their control of the account, the attackers set themselves as administrators and removed all other administrators to steal digital assets and sensitive information undisturbed."
  • "In cases where the account belongs to a renowned project or person with many followers, the attackers use their access to it to promote fake giveaways, fake mints, cryptocurrency scams, and phishing pages."
  • "Unfortunately, Pink Drainer remains active, so high-profile digital asset holders must stay vigilant and treat media outlet communications with suspicion."
  • No Bullshit Bitcoin journalists will never approach you asking to perform a KYC verification, visit some dubious sites, or fill out any weird forms.

Bleeping Computer Article / Archive
ScamSniffer Blog Post / Archive