Monkey Drainer is suspected to have been active since October 2022, when it was revealed that $1 million in Ether (ETH) was stolen via dubious copycat nonfungible token (NFT) minting websites. Since then, they are reported to have stolen up to $13 million in cryptocurrencies and nonfungible tokens.
ZachXBT, an “on-chain sleuth,” is a well-known blockchain investigator. He was among the first to follow and expose Monkey Drainer’s activities. He recently helped with the response to the flash attack on DeFi protocol Platypus, in which the protocol lost around $8.5M. He assisted in connecting the scammer’s account to a now-deleted Twitter account with the handle @retlqw, participated in negotiations with the scammer and the Platypus team, and finally went to the police. ZachXBT does thorough on-chain analysis, monitoring wallets and transactions connected to hacks, phishing scams, and other dangers. In addition to other methods like Twitter search, he uses on-chain tools like Nansen, blockchain explorers, and Breadcrumbs to find leads.
The cryptocurrency phishing scammer who was responsible for some of the most high-profile and high-value Web3 scams says they have closed shop, claiming it was “time to move on to something better.” On March 1, they said on their Telegram channel that they “will be shutting down immediately,” that all “files, servers, and devices” associated with the drainer would be wiped instantly and that they will not come back.
Monkey Drainer even suggested a “flawless” alternative service to the one they used to provide, dubbed “Venom Drainer,” and referred to a Telegram account for the service that was just created a day before Monkey’s statement. The scammer even advised aspiring new cyber criminals not to “lose themselves in the pursuit of easy money,” and that only those “with the highest level of dedication” should run a big-scale cybercrime operation.
A blockchain security firm, PeckShield, reported on March 1 that Monkey Drainer’s wallet had put roughly 200 Ether worth $330,000 into the crypto mixing service Tornado Cash over the previous day, in an attempt to conceal their funds. There was still 840 ETH in their primary wallet, valued at $1.4 million.
CertiK, another blockchain security organization, has long believed it has discovered the real-life identity of at least one scammer reportedly connected to the “Monkey Drainer” phishing scam. CertiK claimed in a blog post on Jan. 27 that it discovered on-chain chats between two fraudsters involved in a $4.3 million Porsche NFT phishing scam and was able to trace one of them to a Telegram account selling the Monkey Drainer-style phishing kit. In a March 1 tweet, CertiK also posted Monkey’s statement and suggested that the crypto wallet-draining kit Monkey sold is thought to extract a 30% commission on funds taken through others’ use of the software.
Back-to-back hacks have crushed the idea that blockchain operations are safe. As a result, one of the challenges to widespread acceptance of digital currency has been hacking. Several high-profile thefts have happened on several cryptocurrency exchanges and platforms, discouraging investors from investing. Last year, Chainalysis, an American blockchain analysis organisation, discovered a loss of $3.8 billion in cryptocurrency attacks, a 15% increase over 2021 ($3.3 billion) and a significant increase over the $0.5 billion taken in 2020.