Pink Drainer Shuts Down: How Will Fund Withdrawal Affect DeFi?

Pink Drainer, the drainer-as-a-service hacker group, announced it’s shutting down and deleting all data. Over its lifetime, Pink Drainer targeted communities and specific whale wallets. Estimates put the stolen funds between $75M and $85M, depending on the exact pricing approach. 

The Pink Drainer is a group dedicated to scamming wallet owners, usually through three main points of attack. One is through hacking or spamming high-profile social media accounts, including those of Vitalik Buterin, Crypto Bitboy, and major projects. The other is through Discord and other chats. Some used the drainer-as-a-service on fake sites, urging the user to connect a wallet. 

Buy physical gold and silver online

More than 21K users lost valuable NFT and fungible tokens

For over a year, Pink Drainer performed heists ranging from prominent to large-scale. The wallet drainer works on Ethereum, Avalanche, BSC, Polygon, Optimism, Gnosis, and Callisto Network, among others. More than 21K users lost valuable NFT and fungible tokens. 

Total amount stolen by Pink Drainer and total victim wallets affected, based on Dune Analytics data tools.

Source: Dune Analytics

The earnings of Pink Drainer come not only from the heists, but from selling the drainer-as-a-service, with 5 ETH for lifetime access. This means that the hacks of Pink Drainer are not organized but are haphazard and depend on random outreach. 

The users of Pink Drainer’s service are also not shy about their on-chain behavior. Some of the wallets even send funds to Binance for swapping. Most users are semi-anonymous, and still use their social media personas. 

How Will Pink Drainer Affect Decentralized Finance?

One effect of Pink Drainer is that its users may park some of the funds into DeFi protocols. Drainer users also often rely on Uniswap to convert the stolen funds. 

Pink Drainer is still the top 21 owner of SavingsDAI (sDAI), a token belonging to Spark Protocol. So far, the drainer wallet holds onto the funds, even days after announcing the end of exploits. 

Spark Protocol is a crypto lending aggregator, currently holding $2.36B in total value locked (TVL). The funds held by Pink Drainer will hardly affect the protocol, which is also supported by other large wallets and exchanges. 

Pink Drainer Turns Ethical Hacker

Users affected by Pink Drainer may be able to receive some respite. The official X handle made a special offer to restitute some funds, with a time limit in the past eight months. 

Some funds, however, may already be beyond reach. About two weeks ago, Pink Drainer started moving its finds. Some of the stolen ETH is just parked in idle addresses. Other transactions have reached 1 Inch Network Aggregator, and Railgun WETH Helper, a service for private and anonymous DeFi. 

Railgun is still a relatively small service, reporting $68M in total value locked. What is curious is that its TVL has grown significantly since Pink Drainer started to unload some of the funds. 

Also read: Compound Finance suffers a breach of its X account

When it comes to NFT, returning them is even more difficult. Bored Ape 7531, for instance, is already part of someone else’s collection after one of the last big attacks of Pink Drainer.

Drainer Threat is Not Gone

The threat of having a wallet drained is not gone. Pink Drainer itself warned of copycats or new links to connect wallets. 

Additional drainers are still offered to anyone and deployed via social media scams. The common thread is that all the scams offer valuable giveaways while requiring users to connect their wallets. 

Also read: Cybercriminal group “Pink Drainer” strikes again: $4.4 million theft in Chainlink

Most big projects’ social media have also warned that they will not contact users directly. However, data reveals that Inferno Drainer is still active and even more dangerous than Pink Drainer, with more than $166M in stolen funds.

Inferno Drainer also claimed it would shut down in December 2023, after setting out a story about reaching its goal. Pink Drainer seems to mimic that approach, and it is uncertain if the threat is gone for good, or will return in another iteration. 

Inferno Drainer also worked by impersonating big crypto brands and spreading a long list of domains promising airdrops or NFT.


Cryptopolitan reporting by Hristina Beeva

About the author

Why invest in physical gold and silver?
文 » A