Security experts have recently uncovered a sophisticated phishing scheme aimed at taking over Twitter and Discord accounts to steal cryptocurrency. The Pink Drainer hacking group has managed to pilfer more than $3 million from over 2000 victims, including high-profile individuals like OpenAI CTO Mira Murati, according to blockchain analysis conducted by Scam Sniffer.
The scammers behind this operation are employing unconventional social engineering tactics. By posing as journalists from reputable outlets such as Decrypt and Cointelegraph, they gain the trust of their targets. This elaborate ruse involves a multi-day process that culminates in a KYC authentication request, which then leads to phishing attacks related to Discord.
In one such instance, the scammers trick Discord administrators into opening a malicious verification bot named Carl, which carries embedded code designed to steal the victim’s Discord token. The stolen token gives the hackers unauthorized access to the account. Once inside, the hackers remove other administrators, elevate their own privileges to admin status, and engage in activities that prompt Discord to suspend the account.
As of now, the Pink Drainer group has compromised 2307 victims and siphoned off nearly $3.3 million, with one individual losing as much as $300,000 in a single attack. Discord accounts have become an increasingly attractive target for cybercriminals, with previous incidents involving malicious npm packages and unauthorized access to Discord’s support ticket system.
It is crucial for users to remain vigilant and practice good cybersecurity hygiene to safeguard their online accounts and assets from such threats. Organizations should also implement robust security measures to protect their platforms and users from falling victim to sophisticated phishing campaigns like the one orchestrated by the Pink Drainer group.