Crypto Scammers Swipe $59 Million Using ‘MS Drainer’ Wallet Service

The scammers targeted victims with fake versions of popular crypto websites through Google ads, employing tactics like regional targeting and page-switching to bypass audits


Scam Sniffer, a blockchain security platform, reported on December 21 that con artists used a wallet draining service called “MS Drainer” to steal almost $59 million worth of cryptocurrency from victims in the previous nine months.

According to the investigation, the con artists targeted victims with bogus versions of popular cryptocurrency websites, including Zapper, Lido, Stargate, DefiLlama, Orbiter Finance, and Radiant. They distributed these fake versions through Google ads.

Wallet drainers are blockchain tools that enable con artists to steal cryptocurrency from their victims and move it to themselves without the victim’s knowledge or consent. Con artists typically accomplish this by exploiting the token approval process.

In most cases, drainer developers charge a percentage of the profit in exchange for the use of their software. Smart contracts enforce this fee, making it difficult to avoid payment. Scam Sniffer first became aware of MS Drainer in March.

A member of the SlowMist security platform team assisted with the investigation. In June, on-chain detective ZachXBT presented further proof: he discovered a phishing scheme called “Ordinal Bubbles” connected to the drainer.

The investigators discovered nine distinct phishing advertisements on Google, of which sixty percent used the malicious drainer. Google employs auditing mechanisms to prevent phishing scam advertisements from being uploaded.

Nevertheless, Scam Sniffer discovered that the con artists employed “regional targeting and page-switching tactics to bypass ad audits, thereby complicating the review process.” This allowed their advertisements to pass Google’s quality control systems during review.

Web redirects were another method the con artists used to trick Google users into believing that links led to official websites. The con artists disguised the fraudulent website cbridge.ceiler.network, which misspells “Celer,” as the real URL cbridge.celer.network.


Example of an MS Drainer scam redirect. Source: Scam Sniffer

Although the advertisement displayed the correct spelling, the link took the user to the fraudulent website with the incorrect spelling. Scam Sniffer discovered 10,072 fraudulent websites using MS Drainer.
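The mismatch described above, where an ad displays the correct hostname but lands on a misspelled one, can be caught by classifying the final landing host against an allowlist. This is an added example, not code from Scam Sniffer or the original article; the allowlist, the distance threshold of 2, and all function names are assumptions.

```python
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed allowlist for this example; the legitimate name is the one cited in the article.
KNOWN_GOOD = {"cbridge.celer.network"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def hostname(url: str) -> str:
    """Reduce a URL or bare hostname to a lowercase host with no trailing dot."""
    if "://" not in url:
        url = "//" + url.lstrip("/")
    return (urlsplit(url).hostname or "").rstrip(".")


def classify(url: str, max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return ("trusted" | "lookalike" | "unknown", matched allowlist entry)."""
    host = hostname(url)
    if host in KNOWN_GOOD:
        return "trusted", host
    for good in sorted(KNOWN_GOOD):
        if 0 < edit_distance(host, good) <= max_distance:
            return "lookalike", good
    return "unknown", None


def check_ad(display_url: str, landing_url: str) -> str:
    """Judge an ad by where its redirect chain ended, not by the URL it displays."""
    verdict, target = classify(landing_url)
    if verdict == "lookalike":
        return f"block: {hostname(landing_url)} imitates {target} (ad displayed {hostname(display_url)})"
    return "allow" if verdict == "trusted" else "review"


if __name__ == "__main__":
    # Constructed input: the display and landing hosts described in the article.
    print(check_ad("cbridge.celer.network", "https://cbridge.ceiler.network/"))
```

Edit distance only catches near-misspellings; a reviewer would still need separate handling for unrelated domains, which this example routes to "review".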

The drainer’s activity peaked in November and has since dropped to almost nothing. During its operation, the drainer stole cryptocurrency worth $58.98 million from almost 63,000 victims, as indicated by a dashboard created by Dune Analytics to monitor its activities.

Further examination revealed that the developer of MS Drainer utilized an unconventional marketing method. The developer marketed this wallet drainer on forums for a flat fee of $1,499.99, in contrast to the majority of wallet drainers that take a portion of the earnings made by scammers.

The developer offered con artists additional “modules” that could be purchased for $699.99, $999.99, or other significant amounts of money if they desired further features. The Web3 ecosystem is currently facing a serious challenge in the form of wallet drainers.


Advertisement for MS Drainer. Source: Scam Sniffer

Following the successful theft of more than $80 million from victims over the course of the software’s lifetime, the creator of the “Inferno” drainer announced on November 26 that they would be retiring the software shortly.

The developer of “Monkey Drainer,” which had stolen an estimated thirteen million dollars up to that time, issued a similar retirement announcement in March.