
CertiK experts identify alleged architect behind Monkey Drainer phishing scheme
CertiK researchers appear to have uncovered the identity of one of the key participants in the fraudulent Monkey Drainer project. A quarrel among the scammers helped them do so.
Exposing Scammers 🚨
CertiK investigators uncovered two scammers, Zentoh and Kai, behind the Monkey Drainer kit 🐒
This kit is sold to prospective scammers who are looking to steal user funds using Ice Phishing
Who was involved and how? Let’s see 👇🧵
— CertiK (@CertiK) January 28, 2023
The project sells a toolkit for “ice phishing”. CertiK described the scheme as one in which Web3 users are deceived into signing approvals for the use of their crypto wallet, granting full access to funds.
Experts identified two individuals who were most likely behind the Porsche NFT scam in November, using proceeds from Monkey Drainer.
One victim lost more than $4.3 million in USDC. The victim asked the scammer to return $4 million, keeping the remainder as the reward, and received a reply in Russian:
I’m a bit perplexed. Where did you get this USDC? Who are you? What’s going on?
One victim of this particular scam wallet lost $4.3 million in a single transaction. This is one of the most devastating losses to an ice phishing exploit.
The victim then reaches out to the wallet holding the stolen funds with an on-chain message asking to return the $4 million pic.twitter.com/eWk6C2QKIl
— CertiK (@CertiK) January 28, 2023
However, the scammer received another message in which the interlocutor, going under the handle Zentoh, called him Kai and reminded him that he must transfer 8% of the stolen funds to a wallet controlled by them.
Experts linked the alias Zentoh to a Telegram group that sells phishing kits. A tutorial video on the channel features a wallet that interacted with addresses involved in several major Monkey Drainer scams.
In the course of their research, CertiK’s experts concluded that the users behind the aliases Zentoh, TecOnSellix and 0x32Moon are a single person who sells “ice phishing” tools online.
He also controls several GitHub accounts containing repositories of fraudulent kits. Based on one of these accounts — Berrich36 — the researchers say they identified the owner. CertiK noted that this is a French citizen living in Russia.
In October 2022, on-chain sleuth ZachXBT found that Monkey Drainer drained victims’ wallets of roughly $1 million in just 24 hours.