Hackers Stole $3 Million By Impersonating Crypto Journalists

• "According to ScamSniffer analysts, Pink Drainer successfully compromised the accounts of 1,932 victims to steal roughly $2,997,307 worth of digital assets on the Mainnet and Arbitrum," wrote Bleeping Computer.
• "Some of the threat actor's recent targets are believed to include the CTO of OpenAI Mira Murati, Steve Aoki, Evmos, Pika Protocol, Orbiter Finance, LiFi, Flare Network, Cherry Network, and Starknet."

• "Pink Drainer hijacks accounts through social engineering, where the threat actors spend a couple of days impersonating journalists from popular media outlets like Cointelegraph and Decrypt to conduct phony interviews with the victims."

"After gaining their victim's trust, the threat actors tell the targets they must conduct a KYC (know your customer) validation to prove their identity, guiding them to websites used to steal Discord authentication tokens, which enable the attackers to hijack the accounts without knowing the user credentials or having a way to intercept the two-factor authentication code."

• "To extend their control of the account, the attackers set themselves as administrators and removed all other administrators to steal digital assets and sensitive information undisturbed."

• "In cases where the account belongs to a renowned project or person with many followers, the attackers use their access to it to promote fake giveaways, fake mints, cryptocurrency scams, and phishing pages."
• "Unfortunately, Pink Drainer remains active, so high-profile digital asset holders must stay vigilant and treat media outlet communications with suspicion."
• No Bullshit Bitcoin journalists will never approach you asking to perform a KYC verification, visit some dubious sites, or fill any weird forms.

Bleeping Computer Article / Archive
ScamSniffer Blog Post / Archive