The Tables Turn as Pink Drainer Falls Victim to Address Poisoning Scam

The notorious Pink Drainer hacking group fell victim to an "address poisoning" scam which cost them 10 ETH. Additionally, several Coinbase users reported large losses due to scammers impersonating Coinbase representatives. Meanwhile, the latest CertiK Web3 Security Report reveals that $1.19 billion was lost to on-chain security incidents in the first half of 2024, mostly due to phishing and key compromises. The Apple-OpenAI partnership faced scrutiny after it was discovered that the ChatGPT app for macOS stored user conversations in unencrypted files, raising some serious privacy concerns.

Pink Drainer Scammed

Pink Drainer, a notorious wallet-draining group, has become a victim of an "address poisoning" scam. The crypto compliance platform MistTrack first pointed out this attack in a July 7 post on X. The post revealed that the hacking group lost 10 Ether (ETH) that is valued at about $30,000.

Address poisoning scams involve attackers sending small amounts of cryptocurrency from a wallet with a similar-looking address to one of the target’s regular wallets. The goal is to trick the target into accidentally sending funds to the incorrect address. 

MistTrack explained that scammers use bots to monitor new transactions and create wallet addresses with similar first and last few characters as the target’s address, banking on the victim mistakenly copying the scam address.

In this instance, the scammers used a wallet address that is almost identical to Pink Drainer’s previous wallet, and ended up successfully tricking them into sending 10 ETH to the fake address. 

This incident happened just over a month after a surprise announcement from Pink Drainer on May 17 that the group will retire its services after reaching its goal of stealing over $85 million in crypto assets.

According to Dune Analytics data, Pink Drainer has stolen $85.3 million in crypto since July of 2023. Despite Pink Drainer stopping its operations, other drainer toolkit services like Angel Drainer, Pussy Drainer, and Venom Drainer still help criminals to steal crypto assets.

What is a Crypto Wallet Drainer?

Chainalysis describes a crypto drainer as a sophisticated phishing tool that is designed specifically for the web3 ecosystem. Unlike traditional phishing tools that steal usernames and passwords, crypto drainers lure victims by posing as legitimate web3 projects. The victims are enticed to connect their crypto wallets to the drainer and unknowingly approve transaction proposals that give the drainer control over their funds. 

Once the transaction is approved, the drainer can instantly steal the digital assets from the victim's wallet. Scams like these are very often promoted on Discord communities and compromised social media accounts.

After successfully stealing digital assets, the operators of crypto drainers use various methods to launder the funds or convert them into cash. Analysis shows that since 2021, there has been a noticeable increase in the use of mixing services by these criminals, while the use of centralized exchanges for laundering stolen funds has decreased. Some drainers also use gambling services, but this is on a much smaller scale. 

The shift towards DeFi projects, like decentralized exchanges, bridges, and swap services, became more prominent in 2022 and 2023. This could be due to the ease and practicality of transferring various digital assets in the DeFi ecosystem, unlike Bitcoin, which poses more transfer challenges.

Scammers Pose as Coinbase Reps

Meanwhile, several Coinbase users and one crypto investor reported being targeted by scammers impersonating Coinbase representatives over the past week. One victim also ended up losing $1.7 million. 

Tegan Kline, co-founder of Edge & Node, shared some details about the incident on July 7, where a scammer tricked a friend into sharing part of their seed phrase, leading to the theft. The scammer posed as a Coinbase security team member, called the victim and sent a convincing email appearing to be from Coinbase, claiming the victim’s wallet was at risk. They directed the victim to a website to enter their seed phrase, and despite knowing the risks, the victim partially entered their phrase. Hours later, $1.7 million was stolen.

Alex Miller, the CEO of Hiro Systems, explained that sites like these can capture data as it is entered, making it possible for scammers to brute force the rest of the seed phrase. Miller also experienced a similar scam and suspects his information was leaked from  CoinTracker's database. 

Another user, TraderPaul04, reported a sophisticated social engineering attempt where a fake Coinbase rep claimed there was a login attempt on their account. The scammer used the victim's full name and email, and sent a fake password reset link to steal the account password. TraderPaul insisted on calling Coinbase directly, causing the scammer to hang up.

On July 7, another user, "beanx," also shared that they received a scam call from a fake Coinbase rep claiming a login attempt on their account. Despite the sheer amount of incidents already reported, Coinbase has not yet provided a comment.

$1.19B Lost in 2024's First Half

The latest CertiK Web3 Security Report reveals that $1.19 billion was lost to on-chain security incidents in the first half of 2024. The majority of these losses were due to phishing attacks and private key compromises, with phishing alone accounting for almost $498 million.

H1 statistics and graph by type (Source: CertiK)

One of the major security breaches in 2024 was the DMM Bitcoin attack that resulted in a loss of $304 million, making it one of the biggest hacks in history. The Japanese crypto exchange ended up losing 4,502.9 Bitcoin. Another notable incident involved the Turkish crypto exchange BtcTurk, which suffered a $90 million loss due to a cyberattack targeting hot wallets.

In response to the security challenges, the United States introduced and passed the FIT21 bill in the first half of 2024. One of the main goals of this regulatory framework is to enhance consumer protections while still supporting innovation in the crypto sector. 

The bill received bipartisan support and is expected to create a safer, better-regulated environment for digital asset exposure, potentially attracting more institutional investors and driving greater compliance efforts.

Despite the concerning state of Web3 security, the trend is not entirely negative. Although crypto hacks caused almost $385 million in losses in May alone, exploits and hacks decreased by 54.2% in June. While major losses may be an inherent part of the crypto  industry for now, simple protective measures like 2FA can actually help users safeguard their assets, according to the co-founder of CertiK Ronghu Gu.

Apple-OpenAI Partnership Hits Privacy Snag

Even the AI sector is not immune to security threats. The partnership between Apple and OpenAI has encountered a big privacy issue as ChatGPT users on macOS discovered that their conversations were stored in plain-text files. 

This is particularly concerning given Apple's strong stance on privacy which contrasts sharply with its competitors who profit from user data. The problem was brought to people’s attention by data engineer Pedro José Pereira Vieito, who revealed that the ChatGPT app stored chat logs unencrypted on users' hard drives until July 5.

This security lapse meant that anyone with access to the computer, whether physically or through malware, could access the chat logs. Apple's macOS typically employs "sandboxing" to encrypt app data, but this protection was bypassed because the ChatGPT app was distributed directly from OpenAI’s website rather than through Apple's app service.

Pereira Vieito criticized OpenAI for opting out of these security measures, leading to the unprotected storage of sensitive data. While it is still unclear if any users were directly affected, the revelation has caused a lot of concern and criticism on social media.

The issue also raises some questions about the oversight and decision-making processes at both OpenAI and Apple. Although the problem has been fixed, the underlying reasons for this lapse in the first place are unknown. 

It is speculated that OpenAI may have chosen this method to access chat logs for development purposes, but this approach overlooked the generation of unencrypted sensitive data on user machines.