Pink Drainer, a notorious group of hackers operating as a drainer-as-a-service, has made the surprising announcement that it will be shutting down and erasing all of its data. Throughout its existence, Pink Drainer has primarily targeted communities and specific whale wallets, resulting in an estimated theft of funds ranging from $75 million to $85 million, depending on the pricing approach used.
Pink Drainer’s primary method of operation involves three main points of attack. Firstly, they hack or spam high-profile social media accounts, including those belonging to individuals such as Vitalik Buterin, Crypto Bitboy, and major projects within the cryptocurrency space. Secondly, they utilize platforms like Discord and other chat services to carry out their activities. Lastly, some members of the group offer the drainer-as-a-service on fake websites, urging users to connect their wallets.
Over the course of more than a year, Pink Drainer successfully executed numerous heists of varying scale, some prominent and some very large. Their drainer works across multiple platforms, including Ethereum, Avalanche, BSC, Polygon, Optimism, Gnosis, and Callisto Network, resulting in the loss of valuable NFTs and fungible tokens for over 21,000 users.
The profits generated by Pink Drainer come not only from their own successful heists but also from selling the drainer-as-a-service for a lifetime access fee of 5 ETH. Because the tool is resold to many operators, the group’s hacks are not meticulously planned but rather haphazard and reliant on random outreach.
The users of Pink Drainer’s services do not shy away from showcasing their on-chain behavior. Some of these individuals even send the stolen funds to Binance for swapping. While most users maintain a level of semi-anonymity, they still continue to use their social media personas.
The impact of Pink Drainer extends beyond individual victims, potentially affecting decentralized finance (DeFi) as a whole. Users of the drainer-as-a-service often allocate some of the stolen funds into DeFi protocols, with Uniswap being a common platform for converting these funds. Interestingly, Pink Drainer remains the largest holder of SavingsDAI (sDAI), a token associated with Spark Protocol, despite announcing the cessation of their exploits.
Spark Protocol, a crypto lending aggregator with a total value locked (TVL) of $2.36 billion, is unlikely to be significantly affected by the funds held by Pink Drainer. The protocol enjoys support from other large wallets and exchanges, ensuring its stability.
In a surprising turn of events, Pink Drainer has seemingly transformed into an ethical hacker. The official X handle associated with the group has offered to restitute some funds to users affected within a specified window covering the past eight months. However, it is important to note that some funds may already be beyond recovery, as Pink Drainer has recently begun moving them. Some of the stolen ETH is currently parked in idle addresses, while other transactions have been traced to platforms such as the 1inch Network Aggregator and the Railgun WETH Helper, which specialize in private and anonymous DeFi services.
Railgun, a relatively small service with a reported TVL of $68 million, has seen a significant increase in TVL since Pink Drainer initiated the process of unloading some of their funds. Returning stolen NFTs poses an even greater challenge, as they have often already been incorporated into other collectors’ collections, as seen in the case of Bored Ape #7531 following one of Pink Drainer’s recent major attacks.
Despite Pink Drainer’s announced shutdown, the threat of wallet drainage remains. The group itself has warned of potential copycats or new links designed to trick users into connecting their wallets. Additional drainers are still being offered and promoted through social media scams. The common characteristic of these scams is the promise of valuable giveaways in exchange for connecting wallets.
Major projects within the cryptocurrency space have issued warnings that they will not directly contact users. However, data reveals that Inferno Drainer, another hacking group, is still active and even more dangerous than Pink Drainer, having stolen over $166 million in funds. Inferno Drainer has claimed that it will shut down in December 2023, using a narrative about achieving its goals. Pink Drainer’s recent actions seem to mimic this approach, leaving uncertainty regarding whether the threat is permanently eliminated or if it will resurface in a different form.
Inferno Drainer employed a similar strategy to Pink Drainer, impersonating prominent crypto brands and spreading a long list of domains promising airdrops or NFTs.