More than $40k lost to crypto drainer scams leveraging IPFS and malicious code hidden behind look-alike CDN imitations.
At Netcraft, we’ve been disrupting cryptocurrency-based scams for over 10 years, including more than 15,000 IPFS phishing takedowns since 2016. As we closely monitor evolving threats and criminal innovation, we see that modern technologies like Web3 APIs have made crypto scams easier and more accessible than ever before.
Cryptocurrencies remain a particular target for criminals due to their decentralized nature; no central arbiter of transactions means that victims have no way to reverse mistakes, nor any avenue to redress any losses incurred.
In this blog post, we’ll cover crypto drainers, a type of payment diversion fraud that takes advantage of Web3 APIs to trick victims into giving away their cryptocurrency coins and tokens. Just two clicks on a copycat website to ‘claim a free token’ could irreversibly transfer all their crypto assets to criminals.
Crypto drainers and Web3 wallet APIs
Web3 wallet APIs are designed to allow websites to interact with users’ cryptocurrency wallets, and function as a bridge between applications and the blockchain. They can only run in a Web3-enabled browser (such as Brave), or with a browser extension like MetaMask. The wallet APIs allow sites to request that the user sign a specific message, or send some cryptocurrency to a specific address.
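As an added example that is not part of this post and not Netcraft's or any wallet vendor's code, the following wallet-side policy gate wraps an EIP-1193 provider (the window.ethereum interface exposed by MetaMask and Brave) and inspects the two request types described above, message signatures and value transfers, before they reach the user. The drain threshold, the trusted-recipient list, the fake provider and its 1 ETH balance are assumptions constructed for the example.

```javascript
// Added example (not Netcraft's or any project's code): a wallet-side policy gate
// in front of an EIP-1193 provider; thresholds, trusted list and fake provider are constructed.
const FULL_BALANCE_PERCENT = 90n; // flag a transfer that would empty >= 90% of the wallet

// Return the reasons a request should be blocked; an empty list means allow it.
function assessRequest(method, params, balanceWei, trustedRecipients) {
  const reasons = [];
  if (method === 'eth_sign') {
    reasons.push('eth_sign signs a raw hash, which can authorise an arbitrary transaction');
  }
  if (method === 'eth_sendTransaction') {
    const tx = (params && params[0]) || {};
    const value = tx.value ? BigInt(tx.value) : 0n; // hex string in wei
    const to = (tx.to || '').toLowerCase();
    if (!to) reasons.push('transaction has no recipient (contract creation)');
    else if (!trustedRecipients.has(to)) reasons.push(`recipient ${to} is not on the trusted list`);
    if (balanceWei > 0n && value * 100n >= balanceWei * FULL_BALANCE_PERCENT) {
      reasons.push('transfer would drain the wallet balance');
    }
  }
  return reasons;
}

// Wrap a provider so every request passes through assessRequest before the wallet sees it.
function guardProvider(provider, trustedRecipients) {
  return {
    async request({ method, params }) {
      const from = (params && params[0] && params[0].from) || null;
      let balanceWei = 0n;
      if (method === 'eth_sendTransaction' && from) {
        balanceWei = BigInt(await provider.request({ method: 'eth_getBalance', params: [from, 'latest'] }));
      }
      const reasons = assessRequest(method, params, balanceWei, trustedRecipients);
      if (reasons.length) throw new Error('blocked: ' + reasons.join('; '));
      return provider.request({ method, params });
    },
  };
}

// Constructed stand-in for window.ethereum: the account holds 1 ETH (10^18 wei).
const fakeProvider = {
  async request({ method }) {
    if (method === 'eth_getBalance') return '0xde0b6b3a7640000';
    if (method === 'eth_sendTransaction') return '0x' + 'ab'.repeat(32); // fake tx hash
    return null;
  },
};
const guarded = guardProvider(fakeProvider, new Set(['0x1111111111111111111111111111111111111111']));
```

A connect request (eth_requestAccounts) passes the gate unchanged; what it blocks is the follow-up a drainer needs, a raw eth_sign or a transfer of the whole balance to an unknown address.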
In a standard crypto draining scam, a cybercriminal will claim to be offering free cryptocurrency tokens to the user, most commonly in the form of minting new coins. This is used to trick the victim into connecting their wallet to a malicious website, which can then obtain the victim’s cryptocurrency address.
Figure 1 – Cryptocurrency drainer at nonextpepe[.]com.
Once connected, the criminal can request signatures or transactions for this wallet. It’s important to note that connecting a wallet …