Pink Drainer, a hacking group, has been involved in a series of Discord and Twitter hacks, with targets including Evomos, Pika Protocol, the OpenAI CTO, and Orbiter Finance. The hackers send phishing links through compromised Discord accounts, tricking users into visiting malicious websites and signing malicious signature requests, which results in the loss of their assets. ScamSniffer, an anti-scam platform, has found that Pink Drainer is responsible for most of the Discord hacks in the past month.
The group uses social engineering to gain access to these projects. Impersonating journalists from reputable media outlets like Decrypto and Cointelegraph, they conduct interviews with Discord administrators. The interview process typically lasts 1-3 days and requires KYC authentication, with Discord-related phishing steps embedded in the final stages. They guide administrators to open a malicious Carl verification bot and to add bookmarks containing malicious code. These steps enable the theft of the user’s Discord token.
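A defensive check for the bookmark step described above, as an added example that is not from ScamSniffer or the original article: it walks a Chromium-style `Bookmarks` JSON tree and flags entries whose URL runs script instead of opening a page. The scheme list, the normalization rules, and the sample tree are assumptions constructed for illustration.

```python
import json
import re
import sys

# Assumption: bookmark URLs with these schemes execute or embed script when clicked.
SCRIPT_SCHEMES = ("javascript:", "data:")

def normalize(url):
    """Approximate browser URL parsing: drop leading control/space
    characters and any embedded tab or newline, then lowercase."""
    url = re.sub(r"^[\x00-\x20]+", "", url)
    return re.sub(r"[\t\r\n]", "", url).lower()

def find_script_bookmarks(node, path=""):
    """Return (folder path, bookmark name, scheme) for every script-bearing entry."""
    hits = []
    if not isinstance(node, dict):
        return hits  # the file also holds non-folder values; skip them
    name = node.get("name", "")
    if node.get("type") == "url":
        url = normalize(node.get("url", ""))
        hits += [(path, name, s) for s in SCRIPT_SCHEMES if url.startswith(s)]
    for child in node.get("children", []):
        hits += find_script_bookmarks(child, f"{path}/{name}")
    for root in node.get("roots", {}).values():  # top-level container
        hits += find_script_bookmarks(root, path)
    return hits

# Constructed sample in the Chromium "Bookmarks" layout; the flagged
# entries carry a harmless void(0) body.
SAMPLE = {"roots": {
    "bookmark_bar": {"type": "folder", "name": "Bookmarks bar", "children": [
        {"type": "url", "name": "Docs", "url": "https://example.com/docs"},
        {"type": "url", "name": "Verify", "url": " JavaScript:void(0)"},
        {"type": "folder", "name": "Tools", "children": [
            {"type": "url", "name": "Helper", "url": "java\tscript:void(0)"},
        ]},
    ]},
    "other": {"type": "folder", "name": "Other bookmarks", "children": []},
}}

if __name__ == "__main__":
    # Pass the path to a profile's Bookmarks file, or run with no argument for the sample.
    tree = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            tree = json.load(fh)
    for folder, name, scheme in find_script_bookmarks(tree):
        print(f"REVIEW {folder}/{name}: {scheme} bookmark")
```

Any hit on an administrator's machine is worth treating as a possible token exposure until the bookmark's origin is explained.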
To prolong their attacks, Pink Drainer removes other administrators, sets up a malicious account as an administrator, and commits violations that result in the main account being blocked by Discord. In total, the group has stolen approximately $3 million in assets, affecting nearly 1,932 victims across various chains such as Mainnet, Arbitrum, BNB, Polygon, and Optimism.
ScamSniffer discovered Pink Drainer through its on-chain monitoring bot. One victim lost nearly $320,000 in NFTs, and the assets were transferred to an address called pink-drainer.eth, which led to the group’s identification.