‘Monkey Drainer’ Steals $800K in CryptoPunks, Otherside Ethereum NFTs

In the midst of a rash of crypto scams that have stolen millions of dollars' worth of Ethereum NFTs from unsuspecting users’ wallets, the unknown pseudonymous entity referred to as “Monkey Drainer” has claimed a new cache of valuable CryptoPunks and Otherside NFTs.

The self-described “scout on the chain” ZachXBT, a pseudonymous Twitter user with a history of publishing data about crypto scams and controversial figures, shared Thursday night that Monkey Drainer had stolen 520 ETH worth of NFTs from the two valuable Yuga Labs collections, totaling approximately $800,000.

Some of the NFTs were moved between several wallets and eventually sold. Based on public blockchain data visible through Etherscan, the attacker then routed 400 ETH through Tornado Cash, a crypto privacy tool for Ethereum that was sanctioned by US authorities in August and cannot legally be used by citizens.

Last week, ZachXBT reported that Monkey Drainer took approximately 700 ETH worth of assets from unsuspecting users who signed malicious transactions, thinking they were opting in to free NFT airdrops. However, these were really scams promoted through impersonator Twitter accounts. When the victims clicked on the links and connected their wallets, their assets disappeared.

ZachXBT previously estimated that Monkey Drainer had stolen well over $3.5 million worth of crypto and NFTs. Monkey Drainer was also used for an exploit carried out through the hijacked Twitter account of Gabriel Leydon, managing director of Web3 game launch Limit Break, on Wednesday.

Adding this week’s attack to the tally brings the total estimated damage to over $4.3 million. But who, or what, is the Monkey Drainer? While the drainer’s identity remains unknown, ZachXBT told Decrypt via Twitter DM that Monkey Drainer “is probably one person.”

“Monkey Drainer is probably a person with an [as-a-service] type of situation,” he said. “Many people are customers, though.”

In other words, other parties may be using Monkey Drainer’s playbook to perpetrate an even wider range of fraud. Further complicating the ambiguity surrounding Monkey Drainer’s identity, an influx of Twitter bots also spammed ZachXBT’s thread about the latest NFT thefts with the phrase “MONKEY DRAINER BEST – Team Monkey”.

The bizarre spam comments suggest that Monkey Drainer has a “team” of some sort, although it is unclear whether Monkey Drainer is actually one person, a group of affiliates, or a group of pseudonymous strangers using Monkey Drainer’s “toolkit” for ill-gotten gains.

Web3 security firm Wallet Guard similarly believes Monkey Drainer is a type of malware-as-a-service, meaning the creator of the “drainer” smart contract (that is, the code that powers NFTs and decentralized applications) sells his phishing toolkit to others.

“Monkey is selling his drainer for a 30% cut of an attack,” tweeted ZachXBT. “So other fraudsters come to him with these accounts.”

But David Schwed, COO of Web3 security firm Halborn, doesn’t think these attacks are particularly complicated, although the drainer tool is still claiming a lot of victims.

“The attacks are somewhat unsophisticated, and with some proper cyber hygiene, NFT holders can easily protect themselves,” Schwed told Decrypt by e-mail. “For the scam to work, the NFT holders must give the malicious actor access to complete a transaction.”

The NFT space has seen an increase in these scams during 2022. Many are shared through hacked social media accounts, which point to what collectors believe is a legitimate NFT mint or airdrop claim. Instead, they unknowingly give the attacker full access to their wallet holdings, usually having their NFTs and crypto swiped before they realize it.

Monkey Drainer may be running amok across the Ethereum network for now, but at least one ethical hacker is trying to slow down his reign of chaos.

Crypto browser extension PocketUniverse reported that a Discord user named “blockdev” has been able to block some drain transactions initiated by Monkey Drainer by attacking the drainer’s API keys. Still, the damage from Monkey Drainer’s exploits is piling up.

ZachXBT told Decrypt he believes Monkey Drainer first started around August this year, and that whoever created the exploit may face competition from other fraudsters who want to get in on the same type of racket.

“I imagine that in the long run they will have to continually update Monkey Drainer to stay competitive or new methods will gain market share,” Zach replied when asked if the drainer could be stopped.
