Cybersecurity firm Mandiant has released a report detailing the exploitation of Solana users through a campaign known as CLINKSINK. The drainer campaigns have resulted in the loss of nearly $1 million worth of SOL tokens.
The CLINKSINK campaign involves malicious actors using drainers – malicious scripts and smart contracts – to steal funds and digital assets, including non-fungible tokens (NFTs), from victims’ cryptocurrency wallets. These campaigns have been active since December 2023 and have used at least 35 affiliate IDs associated with a drainer-as-a-service (DaaS) utilizing CLINKSINK.
The campaign distributes cryptocurrency-themed phishing pages through social media platforms and chat applications like Discord. These pages, posing as legitimate cryptocurrency resources, entice victims to interact with the CLINKSINK drainer. Once victims connect their wallets to claim a supposed token airdrop, they are prompted to sign a transaction that allows the drainer service to drain funds from their wallets.
Mandiant’s investigation found that the stolen funds are split between the affiliate and the service operator(s) based on a predetermined percentage. On average, 80% of the stolen funds go to the affiliate, while the remaining 20% go to the operator(s). The operator’s cut can vary between 5% and 25%, potentially influenced by factors such as partnerships or reduced fees for successful affiliates.
Since the end of December 2023, at least 1,491 SOL tokens and numerous underlying tokens, with a combined value of over $180,000, were traced to a specific Solana address associated with the DaaS operator. Mandiant estimates that these recent campaigns have stolen at least $900,000 in digital assets. However, some of the funds sent to the operator’s wallet might come from their drainer campaigns or transfers not subject to the percentage split.
The report also highlights the availability and low cost of CLINKSINK drainers in underground forums, indicating a growing trend of financially motivated threat actors targeting cryptocurrency users and services. The rising value of Solana’s native cryptocurrency, SOL, has likely contributed to the surge in CLINKSINK activity. The CLINKSINK source code’s apparent leakage could enable unrelated threat actors to conduct independent draining operations or establish their own DaaS offerings.
As the value of cryptocurrencies continues to rise, Mandiant predicts an increase in financially motivated threat actors conducting drainer operations. The ease of access and potential profitability of these campaigns make them an attractive prospect for cybercriminals of varying levels of sophistication. Cryptocurrency users and investors are urged to exercise caution and employ robust security measures to protect their digital assets. Increased awareness and vigilance within the cryptocurrency community will be crucial in mitigating the risks posed by the CLINKSINK drainer and similar threats.
Disclaimer: The article is provided for educational purposes only. It does not represent the opinions on whether to buy, sell or hold any investments and naturally investing carries risks. You are advised to conduct your own research before making any investment decisions. Use information provided entirely at your own risk.
This News Article was automatically generated by Bob the Bot (AI)
| Information | Details |
|---|---|
| Geography | Global |
| Countries | |
| Sentiment | negative |
| Relevance Score | 1 |
| People | None |
| Companies | DappRadar, Phantom, Solana, Mandiant, BONK |
| Currencies | Solana |
| Securities | None |
