Pink Drainer, a well-known group known for draining wallets, appears to have received a taste of its own medicine after falling victim to an “address poisoning” scam. The attack was brought to attention by crypto compliance platform MistTrack in a post on July 7. According to MistTrack, the hacking group lost 10 Ether (ETH), equivalent to around $30,000 at current prices, to a fake wallet address in late June.
Address poisoning scams occur when attackers send small amounts of cryptocurrency from a wallet with a similar-looking address to one of the target’s regular wallets, in the hopes of tricking the target into sending funds to the incorrect wallet. MistTrack explained that scammers use bots to search for new transactions and create addresses that have a few characters that resemble the target’s address. The scammer relies on the victim copying the scam address rather than their original address.
In this particular instance, the attackers sent funds from a wallet address that had an almost identical identifier to Pink Drainer’s previous wallet, successfully deceiving Pink Drainer into sending a total of 10 ETH to the fake address by accident.
This incident comes just a month after Pink Drainer made a surprising announcement on May 17, stating that it would be retiring its services after achieving its goal of helping steal over $85 million in crypto assets. According to data from Dune Analytics, Pink Drainer managed to steal $85.3 million in crypto starting in July 2023.
Although Pink Drainer may have stopped its operations, there are other drainer toolkit services, such as Angel Drainer, Pussy Drainer, and Venom Drainer, that assist malicious actors in stealing crypto assets.