Crypto malware Angel Drainer shuts down following developer identification: report

As a seasoned cybersecurity researcher with over a decade of experience in blockchain forensics and malware analysis, I have seen my fair share of sophisticated attacks targeting crypto wallets. The recent takedown of Angel Drainer, a notorious drainer-as-a-service (Daas) program, is an intriguing development that has piqued the interest of researchers and security professionals worldwide.


The malicious software-as-a-service named Angel Drainer, believed to be responsible for over $25 million in reported thefts, is said to have been taken offline following the possible identification of its creators.

According to reports, Angel Drainer, a drainer-as-a-service platform, suddenly halted its activities mere hours following Match Systems’ cybersecurity team announcement that they had successfully identified the individuals behind the spread of malware using this service.

We’re currently delving into the Angel Drainer case regarding the reported thefts and have already made headway in unmasking the individuals involved.

🔍 Who are the Angel Drainers?
The Angel Drainers are a criminal syndicate that has been implicated in…

— Match Systems (@MatchSystems) July 16, 2024

On Wednesday’s X post, Dubai-based blockchain investigator Match Systems disclosed that Angel Drainer’s Telegram announcement indicated a halt in their services. However, it is undisclosed if Match Systems reported the alleged wrongdoers to the authorities as they collect more information.

“We’re still gathering information and attempting to uncover the true identities of the individuals who make up this criminal organization.”

Match Systems

Angel Drainer refers to a malicious software programmed in JavaScript that deceitful online actors exploit for emptying cryptocurrency wallets. By employing phishing tactics, Angel Drainer lures users into unwittingly authorizing token transfers, empowering the swindlers to misappropriate their digital assets.

In the final months of 2023, the drainer drew attention for the first time, and its usage spread rapidly in the early part of 2024. Notable figures in cybersecurity at Blockaid, a well-known blockchain security company, sounded the alarm as they uncovered a fresh threat: Angel Drainer had incorporated a new method for carrying out an approval farming attack via the queueWithdrawal function using a specific protocol.

In February, Blockaid reported that Angel Drainer is believed to have stolen approximately $25 million in cryptocurrency from around 35,000 wallets. This indicates that the malware may be linked to notable theft incidents such as Ledger Connect Kit and Restake Farming attacks.

Read More

Sorry. No data so far.

2024-07-17 10:16