Angel Drainer: The Rise of ‘Scam-as-a-Service’ in Cryptocurrency Phishing

The year 2023 marked a significant surge in phishing attacks targeting cryptocurrency wallets, highlighting the increasing sophistication of cybercriminal activities in the blockchain space. These attacks, impacting a wide range of networks including Ethereum, Binance Smart Chain, Polygon, Avalanche, and nearly 20 others, have led to substantial financial losses, totaling nearly $295 million stolen from approximately 324,000 victims.

The Sophistication of Modern Phishing Scams

The tactics used in these phishing scams have evolved significantly. Scammers have employed various methods to lure victims, including the creation of counterfeit websites that mimic legitimate cryptocurrency platforms. These sites often use malvertising schemes, exploiting the vulnerabilities in ad networks to spread malicious content. Unsolicited emails and social media messages are also common tools for these scams.

In one notable instance, fake ads for cryptocurrency platforms on Google and X (formerly Twitter) redirected users to these fraudulent sites, leading to the draining of funds from their digital wallets. The scammers induced users to interact with malicious smart contracts under the guise of claiming airdrops, which stealthily increased the attacker’s allowance through functions like ‘approve’ or ‘permit,’ thereby granting them access to the victims’ funds.

The ‘Scam-as-a-Service’ Model

Central to this surge of phishing attacks is the emergence of the ‘Scam-as-a-Service’ model, similar to the already prevalent ‘Ransomware-as-a-Service’ model that has been plaguing the community over the past few years. Threat actor groups like Angel Drainer and Inferno Drainer, which recently announced its shutdown, have been instrumental in facilitating these scams. They provide wallet-draining scripts and other services to other cybercriminals, charging a percentage (typically 20-30%) of the stolen amount as their fee.

Core Features of the ‘Scam-as-a-Service’ Model

  1. Tool Provisioning: At the heart of this model is the provision of tools and scripts that enable other criminals to carry out cryptocurrency wallet phishing. These tools are sophisticated and tailored to exploit vulnerabilities in various blockchain networks and digital wallet systems. They include wallet-draining scripts that can siphon funds from unsuspecting victims’ wallets.
  2. Business-Like Operations: The entities behind these services operate in a manner reminiscent of legitimate businesses. They have service offerings, pricing models (often a percentage of the stolen funds), customer support, and even marketing strategies. This business-like approach enhances their appeal and accessibility to a broader range of criminals, not just those with advanced technical skills.
  3. Revenue Model: Revenue is generated by taking a cut from the stolen funds. Groups like Angel Drainer and Inferno Drainer are known to charge around 20% to 30% of the stolen cryptocurrency. This model incentivizes the continual improvement of their tools to ensure higher success rates in theft, thus maximizing their earnings.
  4. Anonymity and Security: These services operate with a high degree of anonymity. Communication is often conducted over encrypted channels, and transactions are made using cryptocurrencies, which can be further obscured through techniques like mixing or laundering. This makes it difficult for law enforcement to track and identify the individuals behind these services.
  5. Adaptation and Evolution: The ‘Scam-as-a-Service’ model is highly adaptable, with service providers constantly evolving their tools and techniques to bypass emerging security measures and exploit new vulnerabilities. This continual adaptation means that the threat they pose is always changing, requiring constant vigilance from cybersecurity professionals.
  6. Collaboration and Community: These services foster a sense of community among cybercriminals. There is often collaboration and sharing of best practices within this community, further enhancing the effectiveness of their scams. This collaborative aspect also means that when one service shuts down, as seen with Inferno Drainer, others quickly emerge to fill the void, perpetuating the cycle of cybercrime.

In response to these threats, the crypto community and cybersecurity experts have been advocating for enhanced security measures. They recommend the use of hardware wallets, which are considered more secure than software wallets, as they store the user’s private keys in a physical device, making it harder for hackers to access them remotely.

Furthermore, verifying the legitimacy of smart contracts and regularly reviewing wallet allowances for any signs of suspicious activity are crucial steps in mitigating the risks posed by these scams. Platforms like Scam Sniffer have emerged, specializing in the detection and analysis of such scams, and providing crucial information for users to protect themselves.
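The ‘approve’/‘permit’ abuse described earlier and the allowance review recommended here can both be illustrated with a small decoder that looks at pending transaction calldata before a wallet signs it. The following is an added example written for this article; it is not code from Netizen, Scam Sniffer, or any drainer toolkit. It assumes the standard ERC-20 `approve(address,uint256)` selector (`0x095ea7b3`) and the EIP-2612 `permit(...)` selector (`0xd505accf`); the spender addresses and calldata in the sample are constructed placeholders, not real on-chain values.

```python
"""Flag risky token allowances in ERC-20 approve/permit calldata.

Added defensive example: decodes the spender and amount from a transaction's
calldata and scores it the way a wallet guard or allowance-review tool would.
"""
from dataclasses import dataclass
from typing import Optional, Iterable, List

# 4-byte function selectors (first 4 bytes of keccak256 of the signature).
APPROVE_SELECTOR = "095ea7b3"   # approve(address,uint256)
PERMIT_SELECTOR = "d505accf"    # permit(address,address,uint256,uint256,uint8,bytes32,bytes32)
UINT256_MAX = 2**256 - 1        # "unlimited" allowance drainers typically request


@dataclass
class ApprovalIntent:
    kind: str          # "approve" or "permit"
    spender: str       # 0x-prefixed 40-hex-char address
    amount: int        # allowance being granted, in base token units
    unlimited: bool    # True when amount == uint256 max


def _word(data: str, index: int) -> str:
    """Return the index-th 32-byte ABI word after the 4-byte selector."""
    start = 8 + 64 * index
    return data[start:start + 64]


def decode_approval(calldata: str) -> Optional[ApprovalIntent]:
    """Decode approve/permit calldata; return None for any other function."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector = data[:8]
    if selector == APPROVE_SELECTOR:
        if len(data) < 8 + 64 * 2:
            raise ValueError("truncated approve calldata")
        spender, amount, kind = _word(data, 0)[24:], int(_word(data, 1), 16), "approve"
    elif selector == PERMIT_SELECTOR:
        # permit(owner, spender, value, deadline, v, r, s): spender is word 1, value word 2
        if len(data) < 8 + 64 * 7:
            raise ValueError("truncated permit calldata")
        spender, amount, kind = _word(data, 1)[24:], int(_word(data, 2), 16), "permit"
    else:
        return None
    return ApprovalIntent(kind, "0x" + spender, amount, amount == UINT256_MAX)


def assess(intent: ApprovalIntent, trusted_spenders: Iterable[str],
           expected_amount: int = 0) -> str:
    """Classify an allowance grant for a wallet guard or allowance audit.

    expected_amount is what the user actually intends to spend (0 if unknown).
    """
    trusted = {s.lower() for s in trusted_spenders}
    if intent.spender.lower() not in trusted:
        return "BLOCK: unlimited allowance to unknown spender" if intent.unlimited \
            else "WARN: allowance to unknown spender"
    if intent.unlimited:
        return "WARN: unlimited allowance to trusted spender"
    if expected_amount and intent.amount > expected_amount:
        return "WARN: allowance exceeds intended spend"
    return "OK"


def review(calldatas: Iterable[str], trusted_spenders: Iterable[str]) -> List[str]:
    """Run assess() over a batch of calldata strings, skipping non-approvals."""
    findings = []
    for cd in calldatas:
        intent = decode_approval(cd)
        if intent is not None:
            findings.append(f"{intent.kind} -> {intent.spender}: "
                            f"{assess(intent, trusted_spenders)}")
    return findings


# Constructed sample data (placeholder addresses, not real contracts).
TRUSTED_ROUTER = "0x" + "22" * 20
UNKNOWN_SPENDER = "0x" + "11" * 20
# approve(UNKNOWN_SPENDER, uint256 max): the classic "claim your airdrop" drain request
SAMPLE_DRAIN_APPROVE = "0x" + APPROVE_SELECTOR + "0" * 24 + "11" * 20 + "f" * 64
# approve(TRUSTED_ROUTER, 1000): a bounded allowance to a known contract
SAMPLE_BOUNDED_APPROVE = "0x" + APPROVE_SELECTOR + "0" * 24 + "22" * 20 + f"{1000:064x}"

if __name__ == "__main__":
    for line in review([SAMPLE_DRAIN_APPROVE, SAMPLE_BOUNDED_APPROVE], [TRUSTED_ROUTER]):
        print(line)
```

In practice the trusted-spender list would come from a maintained allowlist such as the one a tool like Scam Sniffer curates, and the same decoder can be pointed at a wallet's historical transactions to find allowances that should be revoked.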

The Implications for Cybersecurity

The emergence of the ‘Scam-as-a-Service’ model signifies a significant shift in the cybercrime landscape. It highlights not only the increasing sophistication of cybercriminals but also their ability to organize and operate in a manner akin to legitimate businesses. This presents new challenges for cybersecurity, necessitating innovative and proactive approaches to detection, prevention, and enforcement. As this model continues to evolve and adapt, it becomes increasingly important for individuals and organizations to remain vigilant, employing advanced security measures and staying informed about the latest trends in cybercrime.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. We provide advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

Copyright © Netizen Corporation. All Rights Reserved.