CLINKSINK Drainer Used by Cybercriminals to Swipe $900,000 in Solana
Since December 2023, various groups have used the CLINKSINK drainer to steal funds and tokens from users of the Solana (SOL) cryptocurrency. Drainers are malicious scripts and smart contracts that siphon funds or digital assets, such as non-fungible tokens, from victims' wallets through deceptive transactions.
More than 35 affiliate IDs are involved in these operations, connected to a drainer-as-a-service (DaaS) platform that uses CLINKSINK. The DaaS operators supply the drainer scripts to their affiliates and take about 20% of the stolen funds as commission. The total value of assets stolen in these recent campaigns is estimated to exceed $900,000 USD.
In the recent CLINKSINK campaigns, the operators have used social media and communication platforms, including X and Discord, to distribute cryptocurrency-themed phishing sites that deliver the drainer. These sites, which pretend to be legitimate crypto services such as Phantom, DappRadar, and BONK, used various deceptive token airdrop schemes to trigger the malicious CLINKSINK JavaScript code, which leads to the wallet being connected and the funds then being stolen.
Victims, lured to these phishing sites with the promise of a token airdrop, are tricked into connecting their wallets. Once connected, they are subtly prompted to authorize a transaction, unwittingly giving the drainer service the ability to drain their funds.
Screenshot of $PHNTM airdrop-themed phishing page
Screenshot of DappRadar-themed phishing page
Screenshot of BONK-themed phishing page
Remain vigilant and careful when dealing with cryptocurrency transactions. Treat unsolicited offers with skepticism, especially those claiming to provide free tokens or airdrops. Verify the authenticity of websites and avoid sharing your private keys or wallet information. Remember, if an offer seems too good to be true, it probably isn't authentic. In the ever-evolving world of online security, protecting your digital assets is of utmost importance.