Pink Drainer ‘steps back from the grind’ after stealing $75M from victims

Prolific wallet-draining service Pink Drainer has announced its retirement in a private Telegram chat, according to blockchain sleuth ZachXBT.

The scam-as-a-service apologizes for “the lack of prior notice” before thanking its many customers, phishing scammers who have used it to steal more than $75 million over the past year.

The message makes no mention of remorse for the nearly 20,000 victims, instead assuring the scammers that any data will be “wiped and securely destroyed.”

They also warn of impersonators, before urging those who have made enough money from the scams to “take a step back from the grind and enjoy what this world has to offer.”

What are wallet drainers?

Wallet drainers are out-of-the-box malware packages that are developed for use by phishing scammers.

Victims are lured in with false airdrop announcements or promises of lucrative returns, before the drainer script is served to their wallet for signing. The proceeds of successful thefts are automatically split between the scammer and the drainer’s developer at a rate determined within the code.

Links to the scam websites are often propagated throughout the crypto community via hijacked X (formerly Twitter) accounts, search-engine ads, Telegram groups, and leaked mailing lists. Drainer developers are constantly adjusting their methods to avoid detection by wallet software.

Past drainers

Pink Drainer is the latest in a succession of wallet drainers to have hunted crypto users over the past two years.

The first widely successful example, Monkey Drainer, mainly focused on high-value NFTs such as Bored Ape Yacht Club before retiring in February 2023, having facilitated $16.5 million of losses.

Others include Venom Drainer, which began charging an access fee of $1,000 to cut down on ‘time wasters,’ and Inferno Drainer, which announced its own shutdown in November last year, claiming to have drained over $80 million worth of assets.

Although no other service was recommended by Pink Drainer, it said it expects there will be “no major impact on the scene,” as another drainer will certainly fill the gap in the market.

Drainers, along with so-called ‘address poisoning’ attacks, see a constant stream of victims lose relatively small amounts, but also regularly result in six- and seven-figure losses.

While victims usually lose only a small amount, there are exceptions.

A lucrative business

Since the post, X user ScamSniffer’s Dune dashboard has been updated with further data, suggesting that the total drained via Pink Drainer may be over $85 million.

Crypto security firm SlowMist has been tracking the flow of funds through Pink Drainer’s addresses, noting that a significant portion of the stolen funds has been converted to MakerDAO’s sDAI, currently earning 10% interest.

PeckShield adds that the two addresses account for around 1.3% of the sDAI supply (18.1 million tokens), and would be the eleventh largest sDAI holder if the holdings were combined.

According to DeFiLlama, Dai is the third largest USD stablecoin by market cap, behind Tether’s USDT and Circle’s USDC. It’s also the only one of the three that can’t be frozen by its issuer, which, along with its substantial liquidity, makes it an attractive choice for hackers and scammers.

In a Wednesday post to X, MakerDAO’s founder Rune Christensen laid out plans for two new stablecoins, NewStable and PureDai, as part of Maker’s ‘endgame’ plan. NewStable (currently a working title) would include the option to implement a freeze function with an eye to compliance with ‘the industry standard of other major RWA-backed stablecoins.’

However, Christensen added, “Dai will remain as it is today with no possibility of adding a freeze function due to the technical immutability of its ERC-20 implementation.”
