Monkey Drainer steals dozens more NFTs, nets around $867,000

The "Monkey Drainer" NFT phishing scammer first identified by blockchain detective zachxbt has struck again. They successfully emptied 7 CryptoPunks and 20 Otherside NFTs, which they flipped for 522 ETH (~$867,000). The scammer then laundered the funds through the Tornado Cash cryptocurrency mixer.

Monkey Drainer steals ~$1 million in 24 hours

A phishing scammer called "Monkey Drainer" stole around 700 ETH (~$940,000) in 24 hours on October 25, according to blockchain sleuth zachxbt. The scammer used malicious phishing sites to trick users into signing transactions that then drained cryptocurrencies and NFTs from their wallets. Some individual victims lost crypto valued at hundreds of thousands of dollars, and others lost NFT collections. Zachxbt estimated the total amount solen by Monkey Drainer to be around $3.5 million.

Four NFTs valued at at least $150,000 stolen from Jason Falovitch

An illustration of a golden brown ape with closed eyes, biting its lower lipBored Ape #7779 (attribution)
Sports manager turned crypto entrepreneur Jason Falovitch is now perhaps best known for his influence in the NFT space. He co-founded the Leverage Game Media company along with Mark Cuban, a group that owns many NFT assets and helps promote NFT projects through their control of major sports social media pages. Falovitch also co-founded @NFT, a group of social media pages that earned a ban from Twitter in February after accusations that they promoted scammy NFT projects without proper disclosure.

On September 25, Falovitch tweeted "I got hackled last night on Opensea. Apes, doodles, eth. It's not pretty." Four NFTs had been stolen from his wallet — two Doodles, and a Mutant and Bored Ape – along with 6 ETH (~$7,750). The Mutant and Bored Apes were both resold, for 15.99 ETH (~$20,700) and 82.69 ETH (~$107,000) respectively. Factoring in Doodle floor prices, the hacker is looking at at least $150,000 in profit.

The loss, however, is larger for Falovitch, who spent ~$377,000 on the four NFTs based on the price of ETH at the times of purchase. Falovitch tweeted after the hack, "Now I’m over $1M hacked in ETH and NFTs." It's not clear if he's referring to other wallets he may control that were compromised, previous hacks he's suffered, or if he's massively overestimating the value of the stolen NFTs. He also tweeted that he discovered his car was broken into as he went to drive to the police department to report the NFT thefts.

Well-known crypto researcher zachxbt, who is known for helping victims of wallet hacks recover their assets, tweeted to Falovitch: "Karma for all of the people you rekt with the scams promoted on your Instagram page. Definitely won't be tracking this one."

Vulnerability discovered in vanity wallet generator puts millions of dollars at risk

The 1inch Network disclosed a vulnerability that some of their contributors had found in Profanity, a tool used to create "vanity" wallet addresses by Ethereum users. Although most wallet addresses are fairly random-looking, some people use vanity address generators to land on a wallet address like 0xdeadbeef52aa79d383fd61266eaa68609b39038e (beginning with deadbeef), or one with lots of 0s at the end, or some other address the user thinks looks cool.

However, because of the way the Profanity tool generated addresses, researchers discovered that it was fairly easy to reverse the brute force method used to find the keys, allowing hackers to discover the private key for a wallet created with this method.

Attackers have already been exploiting the vulnerability, with one emptying $3.3 million from various vanity addresses. 1inch wrote in their blog post that "It’s not a simple task, but at this point it looks like tens of millions of dollars in cryptocurrency could be stolen, if not hundreds of millions."

The maintainer of the Profanity tool removed the code from Github as a result of the vulnerability. Someone had raised a concern about the potential for such an exploit in January, but it had gone unaddressed as the tool was not being actively maintained.

Researcher zachxbt alleges that teenager who stole crypto worth $37 million in 2020 is responsible for a spate of crypto-related Twitter hacks

BirdPartner - The Secret Twitter Panel
Today, I will start to lease out access to my exclusive Twitter panel. This support hub allows you to request usernames, ban accounts, restore access to stolen/locked accounts, report instances of rule violations, and more.
Due to the extreme nature and power of the panel, access will be restricted to a limited amount of users at once. There are several packages; each becoming more discounted the bigger package you buy.Post on SWAPD advertising access to Twitter panel (attribution)
In 2020, a Canadian teenager used SIM swapping to steal US$37 million in Bitcoin and Bitcoin Cash from a single person. Canadian police announced his arrest in November 2021 after he tried to buy a rare gaming username, also writing that they had seized around $5 million of the stolen funds.

Now, crypto investigator zachxbt thinks the same individual is indirectly responsible for a slew of compromised Twitter accounts that have then been used to promote crypto scams, including those of Beeple, DeeKay, and others. According to zachxbt, he has been selling access to a Twitter admin panel, which allows employee-level access to Twitter tools. This might explain how many of the accounts were compromised despite being protected by multi-factor authentication. According to zachxbt, "It’s still unclear as to how Redman gained access to the panel to make elevated requests & reset passwords. As of now it appears the method stopped working".

Someone buys a Bored Ape, gets scammed out of it two hours later

An illustration of an ape with black fur, sticking out its tongue, wearing a tuxedo t-shirt and a gold stud earringBored Ape #887 (attribution)
In what might be a new record, someone bought a Bored Ape NFT for 70.69 ETH (~$116,000) and had it stolen from them less than two hours later. The scammer quickly flipped the NFT for 61.6969 ETH (~$101,000), then bridged the funds through RenBridge to cover their tracks.

Bribe Protocol team disappears after raising $5.5 million

The Bribe Protocol promised a DAO infrastructure tool where "token holders get paid to govern", and raised $5.5 million in funding in January to work on their extensive roadmap. However, the project leaders have effectively disappeared. There are no posts on the project's Twitter account since May, their Medium page has been untouched since March, and the Discord is a ghost town aside from the occasional message asking about the status of the project and the inevitable reply that the developers had rug pulled.

Bribe Protocol was incubated by Advanced Blockchain AG and Composable. Composable might ring a bell, because in February its pseudonymous head of product, 0xbrainjar, was revealed to be Omar Zaki, who had settled with the SEC over charges that he had misled investors while operating an unregistered investment advisement company and hedge fund. At the time, he wrote that "I do not want a mistake in my youth to cloud all of the team's efforts", though the SEC charge was filed less than three years prior, when Zaki was 21.

An employee of Figment Capital, one of the investors in Bribe Protocol, claimed that the project had formally shut down and returned 86% of the funds raised from institutional investors, though "retail took a huge L". However, this doesn't appear to have been publicly announced by the project.

Bribe Protocol is, of course, not to be confused with the other Bribe Protocol, a defi project that was abandoned in May 2021.

Collector loses four Bored Apes valued at over $500,000 to phishing attack

An illustration of a white-furred ape, with a bandage around its eyes, wearing a toga.Bored Ape #2393, the one stolen NFT yet to be sold (attribution)
An NFT collector who goes by ASEC_APE lost four Bored Ape Yacht Club NFTs to a phishing attack. The attacker quickly flipped three of the four NFTs for a total of around 200 ETH (~$387,000). The fourth is listed for sale on the NFT platform X2Y2 for 84.59 ETH (~$159,000)—a total profit of $546,000 for the scammer if they find a buyer at that price.

ASEC_APE had just purchased the four NFTs between July 15 and August 13 for a combined total of 326 ETH (~$532,000 based on ETH prices at the time of each purchase; ~$631,000 at the price on the day of the theft).

One of the stolen NFTs, Bored Ape 9012, had just been stolen a week before from Cameo CEO Steven Galanis when his wallet was compromised, as were a handful of other pricey NFTs. ASEC_APE had purchased it from the person who purchased it from the hacker shortly after the August 6 theft.

"Animate your Bored Ape" scammers linked to more phishing attacks amounting to more than $2.5 million

Screenshot of an Instagram post promising to animate users' Bored Ape NFTs. Text reads "Wanna turn your Ape or Mutant into a cool GIF? - High quality - All attributes working - Only gas fees to pay (50$) boredapeyachtclub.github.io (LINK IN BIO) PM @exyt to get gas fees refunded!"Screenshot of an Instagram post promising to animate users' Bored Ape NFTs (attribution)
Crypto sleuth zachxbt has uncovered a French scam duo, Mathys and Camille, who he believes were behind the March "turn your BAYC animated" phishing scam in which they stole a collector's Bored Ape NFT and flipped it for 264 ETH (at the time worth $764,000). He has also tied them to four other Bored Ape holders who fell victim to fake "animator" phishing schemes that also stole pricey NFTs including Doodles and Mutant Apes. Among them, they lost NFTs collectively valued at $1.7 million. In his investigation, zachxbt also uncovered other crypto wallets that appeared to contain proceeds from other phishing scams, totaling around 497 ETH (~$851,000). "Undoubtedly there is more to uncover, but there is only so much that can be tracked through Tornado Cash," he wrote.

CoinGape and Binance publicize scam recovery address after Nomad hack

After the August 1 Nomad bridge exploit, Nomad created an address where people who took money out of the bridge could return it.

However, that was not the address that CoinGape published in their article titled "Breaking: Nomad Announces ENS Address And Bounty For Returning Funds" article, which was syndicated to Binance's news feed. Instead, they indicated that people should send funds to a different address, a scammer who had been sending on-chain messages to various people who took money out of Nomad during the exploit, asking they return it.

Although CoinGape removed the article fairly quickly, it remained live on Binance's site for over an hour. Fortunately, it doesn't appear anyone besides the writers have fallen for the scam, as no cryptocurrency has been sent to the address.

No JavaScript? That's cool too! Check out the Web 1.0 version of the site to see more entries.