Hackers masquerade as crypto news reporters
The hacking group known as ‘Pink Drainer’ has been engaging in phishing attacks by impersonating journalists in order to compromise Discord and Twitter accounts and steal cryptocurrency.
According to ScamSniffer analysts, the group has managed to compromise the accounts of 1,932 victims and steal approximately $3 million in digital assets across various blockchains. Recent targets of the group include OpenAI CTO Mira Murati, DJ Steve Aoki, and Starknet, among others.
The hackers employ social engineering tactics by impersonating journalists from well-known media outlets like Cointelegraph and Decrypt, conducting fake interviews with victims. They then trick victims into performing a KYC validation, leading them to websites used to steal Discord authentication tokens.
By intercepting two-factor authentication codes or stealing Discord tokens, the hackers can gain control of accounts without needing the users’ credentials or access to two-factor authentication codes. The attackers then become administrators of the accounts, removing other administrators and allowing them to steal digital assets and sensitive information without interruption.
In a separate incident, the Atomic Wallet, a mobile and desktop crypto wallet, suffered a security breach resulting in the loss of over $35 million in cryptocurrency assets since June 2, according to on-chain investigator ZachXBT.