A recent report reveals a significant security breach in the Solana ecosystem, with the CLINKSINK campaign orchestrating a heist of almost $1 million worth of SOL tokens. Mandiant, the cybersecurity firm, has identified this ongoing threat, indicating a growing trend in financially motivated attacks on cryptocurrency users and services.
The CLINKSINK campaign, active since December 2023, employs drainers – malicious scripts and smart contracts – to steal funds and digital assets, including non-fungible tokens (NFTs), from unsuspecting victims' wallets. Using at least 35 affiliate IDs associated with a drainer-as-a-service (DaaS) utilizing CLINKSINK, the campaign targets Solana investors.
Sample of Phantom airdrop-themed phishing page. Source:Mandiant
The perpetrators distribute cryptocurrency-themed phishing pages through social media platforms and chat applications, posing as reputable resources like Phantom, DappRadar, and BONK. Victims are enticed to interact with the CLINKSINK drainer under the pretense of claiming a token airdrop. Upon connecting their wallets and signing a transaction, the drainer siphons funds from their wallets.
Mandiant's investigation reveals a systematic division of stolen funds, with 80% going to the affiliate and the remaining 20% to the operator(s) of the drainer service. However, the operator's share can vary between 5% and 25%, influenced by factors like partnerships or reduced fees for successful affiliates.
Since December 2023, the campaigns have traced at least 1,491 SOL tokens and various underlying tokens, totaling over $180,000, to a specific Solana address associated with the DaaS operator. Mandiant estimates the total losses from these campaigns to be at least $900,000. The report warns of the growing trend of financially motivated threat actors targeting cryptocurrency users and services, emphasizing the availability and low cost of CLINKSINK drainers in underground forums.
olana price rounding the $100 Smilestone. Source:SOLUSDT on TradingView.com
With the rising value of Solana's native cryptocurrency, SOL, Mandiant predicts an increase in financially motivated threat actors conducting drainer operations. The ease of access and potential profitability make these campaigns attractive to cybercriminals. Cryptocurrency users and investors are strongly advised to exercise caution, implement robust security measures, and stay vigilant to mitigate the risks posed by the CLINKSINK drainer and similar threats.
Will the printing presses really come? If history is any guide, the answer is yes. It happened during the COVID-19 pandemic. It happened after the European debt crisis in 2010. It happened in 2008.
JinseFinanceWhat new opportunities will there be after the BTC halving? How big is the market size of BTC staking? Is this a long-term opportunity or a short-term hot spot?
JinseFinanceThe team has refuted allegations of generating excessive false positives, asserting instead that its efficacy was so pronounced that it led to the cessation of a crypto drainer due to sheer frustration.
KikyoSingapore issues advisory on growing crypto drainer threat. Urges hardware wallet use, thorough research, and prompt reporting to mitigate risks.
EdmundA sophisticated phishing attack exploits MailerLite, targeting Web3 firms and swindling $580,000, highlighting the urgent need for enhanced cybersecurity in the cryptocurrency sector
WeiliangOn Christmas Day, cryptocurrency scammers managed to siphon off a staggering $3 million from unsuspecting victims. Employing a tactic using Google Ads to direct users to fake websites equipped with wallet-draining software, these scammers continue to plague the cryptocurrency landscape with their malicious schemes.
JoyYearn Finance's recent $1.4 million loss due to a script error highlights the ongoing security challenges in the DeFi sector, despite their efforts at improvement.
BerniceInferno Drainer, a leading crypto wallet-draining service, bows out after orchestrating phishing scams that resulted in the theft of nearly $70 million in cryptocurrency. The team ensures a smooth transition for users, but concerns persist about the potential rise of new threats in the crypto underworld.
Huang BoA story of lies, inflated metrics, and where we go from here.
CharlieXYZFunds were converted to DAI stablecoins and bridged to the Ethereum network.
Coindesk