Pink Drainer, a hacker group that operates as a drainer-as-a-service, has announced its closure and the deletion of all data. Throughout its existence, Pink Drainer has targeted various communities and specific whale wallets, with estimates suggesting that the stolen funds range from $75 million to $85 million, depending on the pricing approach.
The primary method of operation for Pink Drainer involves three main points of attack. Firstly, they hack or spam high-profile social media accounts, including those belonging to individuals such as Vitalik Buterin, Crypto Bitboy, and major projects. Secondly, they utilize platforms like Discord and other chat services. Lastly, some members of the group use the drainer-as-a-service on fake websites, encouraging users to connect their wallets.
Over the course of more than a year, Pink Drainer has executed heists of varying scales, targeting wallets on platforms such as Ethereum, Avalanche, BSC, Polygon, Optimism, Gnosis, and Callisto Network, among others. As a result, more than 21,000 users have lost valuable NFTs and fungible tokens.
Pink Drainer generates revenue not only from these heists but also from selling its drainer-as-a-service, which grants lifetime access for 5 ETH. Because the tool is in the hands of outside buyers, the group's hacks are disorganized and rely on random outreach.
Furthermore, the users of Pink Drainer’s service do not shy away from showcasing their on-chain behavior. Some of the affected wallets even send funds to Binance for swapping. Most users maintain a semi-anonymous status and continue to use their social media personas.
The impact of Pink Drainer on decentralized finance (DeFi) is significant, as the drainer's users often park some of the stolen funds in DeFi protocols. They also frequently rely on Uniswap to convert the illicitly obtained funds. Interestingly, Pink Drainer remains a top-21 holder of SavingsDAI (sDAI), a token associated with Spark Protocol. Despite announcing the end of its exploits, the drainer wallet continues to hold onto the funds, even after several days.
Spark Protocol, a crypto lending aggregator with a total value locked (TVL) of $2.36 billion, is unlikely to be heavily affected by the funds held by Pink Drainer, as it is also supported by other large wallets and exchanges.
In a surprising turn of events, Pink Drainer has transformed into an ethical hacker. The official X handle has offered to return some funds to users affected within a specified time frame, the past eight months. However, some funds may already be out of reach, as Pink Drainer began moving them two weeks ago. Some of the stolen ETH remains parked in idle addresses, while other funds have been transferred to the 1inch Network aggregator and the Railgun WETH Helper, a service for private and anonymous DeFi.
Railgun, a relatively small service with a reported TVL of $68 million, has seen a significant increase in TVL since Pink Drainer started unloading some of the funds.
Returning stolen NFTs is even more challenging, as they may have already been acquired by other collectors. For example, Bored Ape #7531 became part of someone else’s collection following one of Pink Drainer’s recent major attacks.
Despite Pink Drainer’s closure, the threat of wallet draining remains. The group itself has warned of the potential for copycats or new links that prompt users to connect their wallets. Additional drainers are still available and are being promoted through social media scams. These scams typically offer valuable giveaways while requiring users to connect their wallets.
Major projects in the crypto space have also issued warnings that they will not directly contact users. However, data reveals that Inferno Drainer, another hacker group, is still active and even more dangerous than Pink Drainer, having stolen over $166 million.
Inferno Drainer has also announced its intention to shut down in December 2023, claiming to have achieved its goals. Pink Drainer appears to be mimicking this approach, leaving uncertainty as to whether the threat is truly eliminated or if it will resurface in a different form.
Similar to Pink Drainer, Inferno Drainer operates by impersonating prominent crypto brands and spreading a variety of domains that promise airdrops or NFTs.