New Scam as a Service Provider: Venom Drainer

Overview

Drained $27m so far, ~15k victims. The top 5 victims lost $14m.

~530 phishing sites created, ~170 brands being targeted.

Dune: https://dune.com/scamsniffer/venom-drainer-stats

About Venom Drainer

Venom Drainer first appeared in the announcement of Monkey Drainer claiming to be offline, Scam Sniffer first spotted them on 02-18.

Blur Module

2 days after Scam Sniffer issued a warning about the risk of phishing exploits with Blur bulk listing, they claimed to have implemented a Blur-based phishing module.

Recruit People

Starting from March 20th, they try to recruit people who can send private messages or Tickets to the administrators of the well-known Crypto project Discord to participate in launching phishing campaigns with a 15% cut.

Update

On March 31, they claim to have made $10m in profits

Phishing Sites

Scam Sniffer monitored that venom created more than 540 phishing sites since 02-17.

These phishing sites target more than 170 brands, such as Arbitrum, Blur, zkSync, Optimism, and MetaMask, all of which are among those that have recently had relevant airdrops. Another Circle, USDC experienced a brief drop on March 11. These are potential scamming opportunities for them.

Target BrandPhishing Sites
Arbitrum148
Circle54
Blur36
zkSync31
Optimism22
Shibarium21
GPT18
Trust Wallet16
Collab.Land11
MetaMask10
Memes 652910
Doodles9
Aptos8
adidas Originals8
Rocket Pool6
Uniswap6
Layer Zero6
NFT Paris5
RTFKT5
Sui5
Floki5
Lens Protocol5
Mask Network5
Mocaverse4
art blocks4

View More: https://lookerstudio.google.com/reporting/9f17f931-ff15-4af1-baf7-0c89c4953310

Stolen Stats

Cause $27m lost so far, ~15k victims. And most stolen assets are ERC20 tokens.

The top 5 victims lost $14m:

VictimStolen
0x82287cdda3d1b5d26d49ce03280d07b86d54fe54$4,096,559
0xf6b6f07862a02c85628b3a9688beae07fea9c863$3,779,468
0x1963ad313f41044a9a48397f31d21bc6a3b4c643$2,970,769
0xfab576ff46bd27b095a4eee4a293ecb0c41d5a85$2,156,659
0xc53f38ae0b009bea9c96fd32767f4e4cbf10ffb6$1,244,878

View More: https://dune.com/scamsniffer/venom-drainer-stats

Phishing Methods

ERC20 – Permit / Approve

Obtain the victim’s approval through Permit or Approve, and transfer user ERC20 tokens on the chain.

Here is the case of trick users approving their token’s approval to the scammers.

NFT Listing – Seaport / Blur

Trick users to sign malicious NFT listings, these malicious listing contains a lower listing price, and usually, it will be zero. once the user sign that, their NFTs could be transferred by the listing signature. they support protocols like Seaport and Blur right now.

In the end, thanks @tay for asking about Venom Drainer which leads us to start analytics how’s stats of them, and thanks @IM_23pds @zachxbt @bax1337 for the data review!

About Scam Sniffer

Scam Sniffer is an anti-scam platform that combined off-chain and on-chain monitoring data to provide real-time anti-scam protection for web3 users.

We’ve helped well-known platforms protect their users and are committed to making web3 secure for the next billion users.

Recent Articles

Related Stories