All the details of the “Monkey Drainer” scam exposed by CertiK

Source: AdobeStock / kaliantye

The latest report published by the security platform CertiK names two people behind a multi-million dollar scam. However, the partnership between the two appears to be strained.

The report explains that a “number” of scammers have used a phishing toolkit known as “Monkey Drainer” over the past two months. This type of fraud relies on a technique called “ice phishing”, whose aim is to trick users into granting scammers full access to their funds.

After an incident in November 2022, two wallets were identified as being used by two fraudsters in this type of scam: two people going by the names Zentoh and Kai.

The platform stated the following:

“Our investigation determined with a high degree of probability that Zentoh and Kai were behind a fake Porsche NFT site. This site, which uses the Monkey Drainer tool, was active for approximately two weeks during November 2022.”

The site can still be viewed through the Web Archive (web.archive.org). It reads: “For the first time in history, Porsche is offering an original set of hand-drawn graphics as NFTs in a free public creation available from 11.11.22.”

Don’t trust your partner

While the site was being promoted online, particularly on Twitter by users and bots, several people warned that the project might be a scam, with one user reporting that the site had asked him for permission to spend his Wrapped Bitcoin (WBTC), according to the report. Even though that request was rejected, users still lost their money.
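The approval prompt described above is the mechanism behind ice phishing: the site asks the wallet to sign a token `approve()` call that names the scammer's address as spender, after which no further signature is needed to drain the balance. The following is an added example, not code from CertiK's report, that decodes such a signing request and flags an unlimited approval to an unfamiliar spender; the function selectors are the standard ERC-20/ERC-721 ABI values, while the spender address and amounts are constructed sample data.

```python
# Decode the calldata of a wallet signing request and classify the approval it
# asks for. Selectors are the first 4 bytes of keccak256(signature); these are the
# well-known values for the standard token ABIs.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 / ERC-721
    "39509351": "increaseAllowance(address,uint256)",  # ERC-20 (OpenZeppelin)
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155
}
UINT256_MAX = 2**256 - 1


def decode_approval(calldata: str, trusted_spenders=frozenset()):
    """Return a dict describing the approval, or None if calldata is not an approval call."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) < 136:           # 4-byte selector + two 32-byte ABI words
        return None
    sig = SELECTORS.get(data[:8])
    if sig is None:
        return None
    # An address is right-aligned in its 32-byte word: the last 40 hex chars.
    spender = "0x" + data[32:72]
    arg2 = int(data[72:136], 16)
    if sig.startswith("setApprovalForAll"):
        unlimited = arg2 == 1     # operator may move every NFT in the collection
    else:
        unlimited = arg2 == UINT256_MAX
    risk = "high" if unlimited and spender not in trusted_spenders else "low"
    return {"function": sig, "spender": spender, "amount": arg2,
            "unlimited": unlimited, "risk": risk}


def build_approve_calldata(spender: str, amount: int) -> str:
    """Constructed helper: the calldata a dApp would ask the wallet to sign for approve()."""
    return "0x095ea7b3" + spender.lower()[2:].rjust(64, "0") + format(amount, "064x")


# Constructed sample values: a placeholder spender and an unlimited WBTC allowance.
SAMPLE_SPENDER = "0x" + "11" * 20
UNLIMITED_REQUEST = build_approve_calldata(SAMPLE_SPENDER, UINT256_MAX)
LIMITED_REQUEST = build_approve_calldata(SAMPLE_SPENDER, 50_000_000)  # 0.5 WBTC (8 decimals)

if __name__ == "__main__":
    for req in (UNLIMITED_REQUEST, LIMITED_REQUEST):
        print(decode_approval(req))
```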

According to CertiK,

“A victim of this fraudulent wallet lost $4.3 million in a single transaction. This is one of the largest losses associated with an ice phishing exploit.”

The funds were quickly transferred to another wallet, exchanged for the DAI stablecoin, and then transferred back.

The victim allegedly tried to contact the attacker to get his money back, but in return got a useless reply in Russian. However, another message was sent on the channel, this time in English, to the fraudster stating that Kai had apparently abused Zentoh’s trust, moving money from their shared wallet to one that Zentoh had no control over.

Source: CertiK

The noose is tightening around Zentoh and Kai

Another post on the channel suggests that all the details about the scam have been discussed on Telegram.

Source: CertiK

When CertiK searched for “Zentoh” on Telegram, an exact match was found: an account “identified as running a Telegram group selling phishing kits to scammers.” The person describes himself as the “CEO” of the NFT/Crypto Drainers channel. The channel even posted a tutorial on how wallet drainers work.

In particular,

“When we analyze the wallet presented in the demonstration video, we discover a clear connection between it and the wallet that Zentoh uses to communicate with Kai.”

Source: CertiK

And that’s not all. According to CertiK,

“Both scammers are directly linked to some of the largest scam Monkey Drainer wallets.”

Another nickname for Zentoh

Zentoh could also be behind the user TecOnSellix. This is a Telegram user whom security researcher PhantomXSec had singled out on Twitter as the seller of the Monkey Drainer phishing kit. TecOnSellix is also listed as a contact in the aforementioned NFT/Crypto Drainers Telegram group.

According to CertiK,

“TecOnSellix and Zentoh may be the same person, and 0x32Moon is likely to be added to this list. TecOnSellix is listed as owner of the Crypto Drainers Telegram channel (…)”

CertiK goes on to say that among the GitHub accounts associated with the name “TecOnSellix”, one, Berrich36, stands out:

“We have identified a number of accounts attributed to GitHub user ‘Berrich36’. If the links between these accounts are legitimate rather than false, we believe we can link them to the actual identity of Berrich36, which appears to be a French national residing in Russia.”

CertiK concluded that Kai was a relative newcomer to the operation at the time of the $4.3 million theft, and that Zentoh is a “key member” in the distribution of wallet-draining tools that make it easy for malicious actors to steal assets from the Web3 community. We have tried to contact Berrich36 for comment. If this person would like to answer the charges, we would be glad to hear from them, too.
