Offering Malicious Script Service - XDrainer

[holydarkness]

What happened: Offering malicious script to drain crypto from its unsuspecting victims
Suspect's Profile Link: Xdrainer543tre
Suspect's Website:

Code:

https://xdrainer.xyz/

archived
Suspect's ANN thread: https://bitcointalk.org/index.php?topic=5445535.0

Additional Notes:
I initially hoped I understand their service wrongly, that they offered a service of blacklisted address so their user could proceed with caution, much like... that specific user who offered such service on neighboring sub-board. I honestly not sure if raising this thread would works against their favor by limiting their movement or I did a mistake by offerring a free advertising for their service, but I thought it's better be reported so unsuspecting people would proceed with caution.

It might be worth mentioning that --I think-- the service looks and works like the one thread in the past where the user's fund were drained after he approved a contract [can't find it although I've spent long minutes on ninjastic and generous time by manually leafing through the scam accusation and reputation board].

Some screenshot for easy view:






archived source: https://archive.fo/2mkOe

[Learn Bitcoin]

Oh, I saw a lot of Twitter handle offering 2000 BNB, 100 ETH, and many other currencies. To participate in such bounty, people need to visit their website and connect meta mask wallet. A lot of other people post on social media that they get scammed on such websites. People often get fucked up being greedy. A few weeks ago Campaign manager Julerz's wallet was drained somehow. Now they offering such a service in this forum. Unfortunately, the forum doesn't moderate scams.

[coin-investor]

Additional Notes:
I initially hoped I understand their service wrongly, that they offered a service of blacklisted address so their user could proceed with caution, much like... that specific user who offered such service on neighboring sub-board. I honestly not sure if raising this thread would works against their favor by limiting their movement or I did a mistake by offerring a free advertising for their service, but I thought it's better be reported so unsuspecting people would proceed with caution.

It might be worth mentioning that --I think-- the service looks and works like the one thread in the past where the user's fund were drained after he approved a contract [can't find it although I've spent long minutes on ninjastic and generous time by manually leafing through the scam accusation and reputation board].

You are right in posting this stuff this is new and many are not aware of this, a malicious script that is being sold is encouraging people to scam and they are no different from scam promoters, I am not aware of the existence of this kind of software and maybe in the future I run into it, you are not promoting it since it is in the scam section.
Two things will happen people will be aware of it or scammers will thank you because they can use something to scam people, but we are here to educate people about what scammers are using to scam people.

[salad daging]

Turns out they have created more and more accounts to sell these scripts on forums and it's even more dangerous if they let them but I'd love to see how we keep reporting to mods and also here that fraudulent ads are not allowed on bitcointalk forums.

There are 4 accounts advertising this fake script and 3 were found by @PX-Z with deleted threads but we can view the archives.

List
X-Drainer18 - Ban
X-Drainer13 - Ban
X-Drainer14 - Ban

Archives
[1] https://ninjastic.space/topic/5445571
[2] https://ninjastic.space/topic/5445557
[3] https://ninjastic.space/topic/5445576

[logfiles]

Good job holydarkness.

The person behind the malicious script service is not about to stop. So I suggest you report any post or profile you find promoting the link in this thread - Report Malware and Suspicious Links here so Mods can take Action !

Once you post there and report to the mods, they will act so fast and ban the profile

There are 4 accounts advertising this fake script and 3 were found by @PX-Z with deleted threads but we can view the archives.

They are actually more than that, but all have been banned except 2

[holydarkness]

Turns out they have created more and more accounts to sell these scripts on forums and it's even more dangerous if they let them but I'd love to see how we keep reporting to mods and also here that fraudulent ads are not allowed on bitcointalk forums.

There are 4 accounts advertising this fake script and 3 were found by @PX-Z with deleted threads but we can view the archives.

List
X-Drainer18 - Ban
X-Drainer13 - Ban
X-Drainer14 - Ban

[...]

I saw that the account mentioned on my opening post is already nuked too. Big applause to the community and mods who work so quickly against this persistent user.

Good job holydarkness.

The person behind the malicious script service is not about to stop. So I suggest you report any post or profile you find promoting the link in this thread - Report Malware and Suspicious Links here so Mods can take Action !

[...]

Will update this thread and reporting to Lafu's thread next time I stumbled upon them. I've set the notifier to inform me whenever some phrases used on their thread are being mentioned again on this forum, hopefully it'll work and help tackle this scammer easier.


yhiaali3, edited as suggested.

[yhiaali3]

Suspect's Website: ........

Unfortunately such scammers are hard to stop, as I can see he created many accounts after each time his account got banned.

I don't know if it is possible to prevent him from creating a new account by blocking the Ip because he will definitely use a VPN, so the only way now is to keep reporting these accounts.

As a side note, it is better to include the address of the suspect within the code:

Code:

https://xdrainer.xyz/

In order not to cause visitors to be sent to the sites by mistake.

[crwth]

I didn't know there was such a thing as this, OP. Thank you for sharing this. It's the first time I saw that drainer thing. It really is made to get people's attention that you could make money from these things. We all know that many people are really into that making money thing, and some people do it for the sake of themselves even though it causes harm to others.

You did a good thing, IMO. Also, having that exposed here in the Scam Accusations board would make others think otherwise.

[speedy963]

Tsk tsk tsk I support the notion. It's a good thing you posted this here. I remember maybe it was around November I think? when there was a massive wallet drain happened on solana platform. I think this guys are attacking every platform just earn money. For sure those who are newbies and unaware about this specially in social media would think it a normal extension that you'd only need to connect your wallet.

[Saisher]

Suspect's Website: ........

Unfortunately such scammers are hard to stop, as I can see he created many accounts after each time his account got banned.

I don't know if it is possible to prevent him from creating a new account by blocking the Ip because he will definitely use a VPN, so the only way now is to keep reporting these accounts.

They can still victimize, as long as these people can be victimized because of people's ignorance of this script they will aggressively advertise this script, not only here in Bitcointalk but on many platforms like telegram, Facebook, and another forum, the only way we can stop these hackers is to propagate and disseminate information on how these scripts work and to not use this script.
This is new to me and they will keep on creating new scripts, devices new schemes to scam and hack people because as they say scammers will always be scammers.

[holydarkness]

I didn't know there was such a thing as this, OP. Thank you for sharing this. It's the first time I saw that drainer thing. It really is made to get people's attention that you could make money from these things. We all know that many people are really into that making money thing, and some people do it for the sake of themselves even though it causes harm to others.

You did a good thing, IMO. Also, having that exposed here in the Scam Accusations board would make others think otherwise.

If I have to be honest, prior to posting this thread and take a quick google search after it, I was divided between thinking if this is a serious offer of malicious software or is this an attempt to scam a scammer-wannabe, i.e.: offering a dud software. Sure, I've stumbled upon several people sharing their story of being hacked or warning about the possible hack through telegram, but this is the first time I finally "introduced" to the software and how it works; drain-ware, is what developers and cyber-security-analysts named them.

Tsk tsk tsk I support the notion. It's a good thing you posted this here. I remember maybe it was around November I think? when there was a massive wallet drain happened on solana platform. I think this guys are attacking every platform just earn money. For sure those who are newbies and unaware about this specially in social media would think it a normal extension that you'd only need to connect your wallet.

I think this software is not exclusively threatening newbies, inexperienced --or even experienced-- BM and those who dealt with contract-approval of web3 frequently are also at risk, in a sense that they might led into the trap in guise of escrow or NFT welcome bonus. Reading this article and from what can be inferred from the scammer's suggestion, one of the MO seems to be duplicating an existing platform, so even when people researching the said platform before they connect their wallet, they'll led to believe that the phishing site is legit as they shared the same name.