Crypto Drainers are Targeting Cryptocurrency Users
As cryptocurrency becomes more popular and the adoption rises, we see a related increase in the number of cybercrimes, fraud, and malware schemes. Criminals like to hunt and plunder where there is money! If you hold cryptocurrency or are using Web3 platforms, you need to be careful.
Among other risks, the latest method is to use a crypto drainer! Crypto drainers are malicious code injected into software and webpages that compromise the victim's crypto wallets or secret keys to drain the accounts.
This can be accomplished through:
- Phishing websites, emails, texts, and other social engineering practices
- Fake airdrops, contests, and ads
- Malicious digital contracts
- Fake exchanges, marketplaces, and crypto services
- And malicious or trojanized browser extensions
Crypto drainers are being productionalized for scale within the cybercriminal community, with Drainers-as-a-Service tools being offered to less savvy wannabe fraudsters. These packages include the malicious code, apps, social engineering functions, and back-end infrastructure to handle the unauthorized asset transfers at scale. Some come with management dashboards to oversee the progress of all the victimization, documentation, tutorials, system updates, and customer support!
Kits start at a mere $100, which is a low bar for many of the unscrupulous cybercriminals. The lure of high rewards, low effort, and a small investment will continue to bring many over to the dark side. Personal and corporate cybersecurity practices must be employed.
Some key recommendations for protecting crypto wallets include:
- Enable multifactor authentication (2FA or MFA) when available on your wallets
- Use hardware wallets or cold wallets for maximum security
- Don’t be phished or socially engineered! Never click a questionable link, install untrusted software, or provide your private keys!
- Avoid browser extensions! They can hijack your webpages and anything you input on them.
- Secure your seeds and private keys in a password manager or offline.
Watch your wallets for unusual activity – although if you see any, it will likely be too late for that wallet!
Cryptocurrency is great, but like any innovative and disruptive technology, the attackers are motivated to find creative ways to victimize users! Understand the risks, act securely, and be cautious.
For more Cybersecurity Insights, follow me on:
- LinkedIn: https://www.linkedin.com/in/matthewrosenquist/
- YouTube: https://www.youtube.com/CybersecurityInsights
- Substack: https://substack.com/@matthewrosenquist
- Cybersecurity Insights: https://www.cybersecurityinsights.us/
![[ℕ𝕖𝕧𝕖𝕣] 𝕊𝕖𝕝𝕝 𝕐𝕠𝕦𝕣 𝔹𝕚𝕥𝕔𝕠𝕚𝕟 - I AM AI](https://cdn.bulbapp.io/frontend/images/7ec46611-f5e1-4e2c-9d5a-ce240b3f2f92/1)
