An infamous scammer known as Monkey Drainer has drained approximately 700 ETH ($1 million) worth of crypto and non-fungible tokens (NFTs) over the past 24 hours.
The prominent on-chain sleuth known as ZachXBT first broke the news, revealing that the scammer used phishing to drain user funds. He also managed to track and highlight the activity of the hacker.
“Over the past 24 hrs ~700 ETH ($1m) has been stolen by the phishing scammer known as Monkey Drainer. They recently surpassed 7300 transactions from their drainer wallet after being around for only a few months,” the pseudonymous researcher said.
The two biggest victims, 0x02a and 0x626, cumulatively lost $370,000 after signing transactions on phishing sites run by the hacker, according to ZachXBT.
Victim 0x626 has lost the most. They held over $6.2 million worth of crypto in their wallet at the time but lost $220,000. "Luckily, they rejected the other transactions," the researcher said.
The second biggest victim, 0x02a, reportedly lost one Bored Ape Yacht Club (BAYC), one CloneX, $36,000 in USDC stablecoin, and 12 other NFTs worth in total, around $150,000.
"These victims are just two of many who’ve had their funds stolen by Monkey. The total number stolen easily surpasses $3.5m, with that number rapidly increasing by each day," ZachXBT said, sharing two main wallets that ostensibly belong to the hacker.
In phishing scams, scammers often share links to websites that impersonate genuine projects or companies designed to trick victims into handing over private credentials by offering an exciting purchase opportunity.
Web3 security network Chainabuse has specifically flagged four addresses relating to Monkey Drainer, including the monkey-drainer.eth address.
Chainabuse detailed that victims appear "to have been phished by a fake Aptos Airdrop Twitter account." For perspective, Aptos NFTs have seen a surge in demand recently, generating around $5.5 million in sales since their launch on October 18.
Along with a substantial increase in the amount of DeFi hacks this summer, there has also been an uptick in the number of phishing attempts targeting the NFT community members.
As reported, the popular NFT collection Bored Ape Yacht Club (BAYC) lost ETH 200 worth of digital assets in an exploit in early June. NFT influencer Zeneca and NFT registration platform PREMINT also fell victim to hacks in mid-July.
In mid-August, in a bid to fight spammers, Solana wallet provider Phantom announced a new feature that will burn spam NFTs sent by scammers.