Nest Wallet CEO Loses $125,000 in Wallet Draining Scam – Source: securityboulevard.com

The co-founder and CEO of a startup cryptocurrency wallet said he lost $125,000 in crypto in a scam, becoming among the latest victims of the growing threat of wallet drainer malware that one cybersecurity firm stole almost $300 million from more than 320,000 victims last year.

In this case, Bill Lou wrote in a lengthy post on X (formerly Twitter) that he clicked on what he thought was a legitimate link in a – since removed – article on Medium that sent him to a site where he was asked to sign a message on his MetaMask wallet.

Lou wrote he was using MetaMask, a Nest Wallet competitor, because he “had a test version installed and was fixing some bugs.”

He believed he was claiming a legitimate LFG (Less Fees and Gas) airdrop – airdrops are marketing tools designed to promote cryptocurrency projects, sometimes by giving away smaller amounts of tokens or crypto – that launched this week.

“I can’t believe this is happening, I’ve always been so careful,” Lou wrote. “I saw article guide to the airdrop and follow the link to sign a message. I didn’t even question it. … This is the first time I’ve been scammed. I always read about others but you never think it could happen to you … It looked like such a simple message.”

Wallet Draining Attacks on the Rise

That said, it’s happening to a lot of people. In a report this week, researchers with Scam Sniffer – a company that offers a Web3 anti-scam solution – said that wallet drainer malware siphoned $295.5 million in crypto from 324,000 users, writing that “the scale and speed [of such attacks] have escalated alarmingly.”

Wallet draining malware is deployed via phishing schemes that trick users into signing malicious transactions, enabling the bac actors to steal assets from crypto wallet. The schemes can include not only airdrop phishing campaigns, but also scam ads, front-end attacks like DNS and supply chain attacks, and hacks on messaging sites like X and Discord.

The researchers wrote that “these phishing activities continue to attack ordinary users in various forms, leading to significant financial losses for many who unwittingly sign malicious transactions.”

They noted what they call “notable wallet drainers,” including Inferno Drainer, which accounted for $81 million of what was stolen last year, as well as MS Drainer ($59 million), Angel Drainer ($20 million), and Monkey Drainer ($16 million).

In a report late last month, security researchers with Check Point came across another campaign by a threat group they dubbed Angel Drainer, “a notorious phishing group involved in cyberattacks, particularly in the cryptocurrency space. This group has been linked to various malicious activities, including the draining of cryptocurrency wallets through sophisticated phishing schemes.”

Good Business for Bad Actors

For threat groups, it can be a lucrative venture for groups that sell wallet drainer services, which can demand a 20% fee on what those services bring in. Given that, it’s not surprising that there are hackers that are eager to get in on the scams.

Monkey Drainer was exposed by digital detective outfit ZackXBT after being in operation for six months, with Venom Drainer quickly taking over most of the group’s clientele and pulling in $27 million in stolen crypto, Scam Sniffer said.

“These wallet drainers charge a percentage of the stolen amount from hackers in exchange for providing wallet-draining scripts and other services,” the Check Point researchers wrote. “The persistence of such scam-as-a-service entities poses significant challenges to the cryptocurrency market and emphasizes the importance of robust security measures to protect users and their assets.”

LFG a Target of Scammers

In the case of Nest Wallet’s Lou, he apparently was among a number of people hit up by the LFG scam. LFG in a message on X talked about the issues, writing that they “are aware of several scam accounts impersonating us and are reporting them. Please do the same and help protect your fellow users!”

“Cryptocurrency scams appear to have become particularly prevalent on Twitter, with scammers even successfully paying for ads to appear in users’ timelines,” Tripwire, security and compliance software maker, wrote on X.

Lou received some compassionate responses as well as a fair share of criticism for an expletive-laced shot at MetaMask in his X posting and insisting that Nest Wallet “would have LITERALLY caught” the scam before he could be victimized by it.

One person noted that when visiting the same site using Nest Wallet, it “would *not* have warned you that the permit message you were about to sign would phish you.” Lou responded by saying he would test it out and fix the situation immediately.

Others recounted their own experience losing crypto to scams. That said, Lou wrote he could only blame himself for his carelessness, noting that at the time he clicked on the malicious link, it was late at night.

“I usually just use Nest Wallet which has built in tools but I was tired and careless,” Lou wrote. “Can’t blame anyone but myself.”