The certik blockchain security company believes it has found the true identity of at least one scammer supposedly related to "monkey drain" phishing.
Monkey Drainer is the pseudonym for a phishing scammer(s) that uses smart contracts to steal NFTs through a process known as "ice phishing."
The individual or persons behind the phishing scam have stolen millions worth of Ether ( via malicious copycat nonfungible token (NFT) minting websites to date.
In a Jan. 27 blog, CertiK said it found on-chain messages between two scammers involved in a recent $4.3 million Porsche NFT phishing scam and was able to link one of them to a Telegram account involved in selling the Monkey Drainer-style phishing kit.
Exposing Scammers
CertiK investigators uncovered two scammers, Zentoh and Kai, behind the Monkey Drainer kit
This kit is sold to prospective scammers who are looking to steal user funds using Ice Phishing
Who was involved and how? Let's see
— CertiK (@CertiK) January 28, 2023
One message revealed a person referring to themself as “Zentoh” and referred to the person who stole the funds as “Kai.”
Zentoh was seemingly upset at Kai for not sending over a slice of the stolen funds. Zentoh's message orders Kai to deposit the misearned winnings "to us."
CertiK deduced the joint wallet was the address that received the $4.3 million in stolen crypto. The company added that there is a "direct connection" between the common portfolio and "some of the largest Monkey Drain scam portfolios."
Zentoh revealed in another message the pair used Telegram to communicate. CertiK found an exact match for the alias on the email application and identified it "to execute a Telegram group that sells phishing kits to fraudsters."
The company found many other online accounts potentially related to Zentoh, including one on GitHub who posted deposits for crypto purge tools.
If the links between the accounts are lawful, it reveals the identity of a French resident in Russia.
Cointelegraph examined the potential accounts related to the person and found public accounts that appeared to be interested in cryptocurrencies. Cointelegraph communicated with the individual but did not receive an immediate response.
Cointelegraph will not release the individual's name for confidentiality reasons.
Related: Hackers take over Azuki’s Twitter account, steal over $750K in less than 30 minutes
Crypto wallet-draining phishing scams have unfortunately been used to great effect recently.
The co-founder of the Moonbirds NFT collection, Kevin Rose, fell victim to such a scam that lead to over $1.1 million worth of his personal NFTs being stolen.
The crypto wallet of the influencer known on Twitter as “NFT God” suffered a similar fate after they downloaded malicious software from a Google Result of advertising research, with high cost EPF and ETF stolen in the portfolio.