The team behind a crypto wallet draining scam-as-a-service has registered as a private business in the UK, according to a tweet yesterday by blockchain security company Certik.
CryptoGrab – provider of the Nova wallet drainer – recently registered as a private company in the UK.@CompaniesHouse you may want to take a look at thishttps://t.co/otmbWd1pNX
— CertiK Alert (@CertiKAlert) February 22, 2024
Certik’s tweet links to a British government page listing “CryptoGrab” as an incorporated company as of January 17, 2024.
CryptoGrab is the developer of the Nova wallet drainer. Scammers use wallet drainer applications to steal vast amounts of crypto.
They typically target victims via phishing sites. These are malicious websites that appear legitimate, often tricking people into connecting their wallets and transferring funds.
“We are an official company” boasts one blog post by the nefarious company.
The webpage includes a scan of its Companies House registration, the government agency that oversees business registrations in the UK.
An affiliated Telegram channel brazenly markets the software as a drainer that “steals ERC20 tokens” and “steals ETH.”
In a report by CertiK that was read and cited by Cointelegraph, CertiK’s investigations of CryptoGrab’s Nova Drainer concluded that the company charges clients “approximately 30% of the stolen funds” as a fee for itself. To date, around 7,000 transactions have passed through the wallet drainer’s smart contracts, according to the report.
While Companies House is an arm of the British government, and consequently doesn’t allow registered companies to commit fraud, it lacks the power to investigate suspected offenders.
Draining Scams In The News
Crypto wallet drainers have frequently made the news this year.
In January, crypto security firm Scam Sniffers reported that wallet drainers had looted $300 million from over 324,000 users in 2023. Furthermore, the report said that wallet draining activities appear to be growing.
Ranking the draining apps, Scam Sniffers placed Inferno Drainer on top of the list, with $81 million stolen from 134,000 users. Inferno quit while it was ahead and ended its scam-as-a-service operations as of late November, 2023.
MS and Angel Drainer were next on the ladder with $59 million and $20 million from 63,000 and 30,000 respectively. Dishonourable mentions include Monkey, Venom, and Pink Drainer.
Scam Sniffer tweeted later that month that wallet drainers accounted for $4 million stolen on Solana in just one month.
1/ 🚨 Over $4M in assets have been stolen by sophisticated Solana wallet drainers, and nearly 4k users have fallen victim to these phishing attacks in the past month. pic.twitter.com/qyNQthr7Wk
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 13, 2024
Singaporean authorities have been among the first to respond to the novel and evolving threat.
Last month, the Singapore police force and the Cyber Security Agency of Singapore issued a joint statement warning about the growth in wallet drainer activity.
This year looks set to increase these concerns.
A phishing campaign last month targeted victims with phoney communications from Web3 brands like WalletConnect, Token Terminal, and CoinTelegraph.
The campaign looted at least $580,000.
In another attack, crypto phishing group Angel Drainer stole $400,000 from 128 wallets in a single day this month.
Read the full article here