Crypto scammers are constantly developing new tactics to trap their victims. Fraudsters targeting the ecosystems of Solana (SOL), Ethereum (ETH), and Tron (TRX) go to great lengths to appear legitimate and reliable, even targeting victims who are aware of scams. These scammers create flashy wallet addresses to prove their legitimacy and lure community participants into their traps.
Scammers’ Astonishing New Strategy
Scam Sniffer, a platform that exposes Web3 scams, revealed in a post that scammers targeting the Solana ecosystem are creating flashy wallet addresses ending with ‘11111’. The post stated, “Scammers targeting the Solana ecosystem are now creating special wallet addresses ending in ‘11111’ to appear trustworthy.” Scam Sniffer shared a screenshot of a wallet address, eWxJC…11111, to prove their findings.
This information comes after scammers have begun to heavily target the ecosystems of Ethereum (ETH), Solana, and Tron (TRX). Scam Sniffer pointed out that scammers on the platform have expanded their access to the ETH, SOL, and TRX communities, warning cryptocurrency investors.
In particular, scammers were found to trap their victims with fake airdrops. In airdrop scams, victims are made to connect their wallets to fake websites to receive rewards in ETH, SOL, and TRX. Considering the popularity and reputation of these cryptocurrency networks, many people are presumed to have fallen victim to phishing scams. Moreover, the situation has worsened as scammers take every opportunity to present themselves as ‘legitimate’.
Over $900,000 in SOL Estimated to Have Been Stolen
The latest major attack targeting the crypto world occurred on January 3, 2024, when the official account of cybersecurity firm Mandiant was hacked. Mandiant’s official account was used for a cryptocurrency phishing attack, and many links were shared. Although the cybersecurity firm regained access to the account within a few hours, many followers were victimized.
Following the incident, the company shared information about the CLINKSINK drainer used in the phishing attack. According to Mandiant’s report on the attack, since December 2023, several scammers have used the CLINKSINK drainer in campaigns targeting Solana users. Drainers are scripts or smart contracts that trick victims into approving transactions, siphoning assets from their wallet addresses.
The statement mentioned that the detected campaigns included 35 affiliate identities associated with Drainer as a Service (DaaS). DaaS operators provide affiliates with scripts in exchange for a 20% share of the stolen funds. Additionally, it is estimated that scams targeting the Solana ecosystem have stolen over $900,000 worth of SOL.
The detected phishing campaigns showed that crypto scammers used social media and platforms like Discord to share CLINKSINK-themed phishing pages and entice victims with fake airdrops and rewards. The phishing pages particularly imitated legitimate crypto sources like Phantom and DappRadar. Victims thus connected their wallets to fake platforms and unknowingly signed transactions for the fake airdrop, allowing the CLINKSINK drainer to drain funds from their wallet addresses.