- WordPress vulnerabilities let hackers install harmful scripts that show phony pop-up ads asking people to link their cryptocurrency wallets.
- Threat actors utilize malware, movies made by AI, and hacked X accounts to spread dangerous scripts and steal cryptocurrency.
- WalletConnect protocols’ broad compatibility permits asset theft after connecting.
Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds.
Last month, Sucuri, a website security firm, disclosed that hackers had compromised approximately 1,000 WordPress sites to promote crypto drainers, which they promoted via malvertising and YouTube videos.
The original campaign is believed to have been less successful than the threat actors hoped. They then began deploying new scripts on the compromised sites to turn visitors’ web browsers into tools for brute-forcing the admin passwords of other sites.
A hacker deployed crypto-drainers on thousands of WordPress sites
The domain dynamic-linx.com, which Sucuri observed last month, loads the malicious scripts.
The script checks for a specific cookie (“haw”) and, if it is absent, injects malicious scripts into the webpage. The malicious code randomly displays a promotional pop-up urging victims to connect their wallets to mint a promising NFT or receive a discount on the website.
BleepingComputer tested multiple sites hosting these scripts, and while there were initially some issues with the pop-ups not attempting to connect to wallets, they eventually started to work again.
When you click the connect button, the scripts will initially display native support for the MetaMask, Safe Wallet, Coinbase, Ledger, and Trust Wallet wallets. However, they also support ‘WalletConnect,’ which supports many other wallets, significantly expanding the targeting scope.
Once visitors connect the Web3 site to their wallets, the crypto drainer steals all the funds and NFTs in the account and sends them to the threat actors. Note that when visiting websites infected with these malicious scripts, MetaMask displays a warning.
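The two indicators the article describes, a script tag loading from dynamic-linx.com and inline JavaScript that gates its behaviour on the “haw” cookie, can be checked for on a site's rendered HTML. The following scanner is an added example, not code from the article, Sucuri or BleepingComputer; the sample pages it scans are constructed for demonstration, and the regex for the cookie check is an assumption about how such gating typically looks, not a signature of the actual script.

```python
import re
from html.parser import HTMLParser

# Indicator from the article: the domain observed serving the drainer script.
KNOWN_BAD_DOMAINS = {"dynamic-linx.com"}

# Assumed shape of the cookie-gating check: inline JS reading document.cookie
# and testing for the "haw" cookie (the article names the cookie, not the code).
COOKIE_GATE = re.compile(r'document\.cookie[^;]*\bhaw\b', re.IGNORECASE)


class _ScriptCollector(HTMLParser):
    """Collects external <script src=...> URLs and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.srcs, self.inline, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._buf = []          # start buffering an inline script

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._buf is not None:
            self.inline.append("".join(self._buf))
            self._buf = None


def scan_html(html):
    """Return (finding, evidence) tuples for a page's HTML; empty list if clean."""
    p = _ScriptCollector()
    p.feed(html)
    findings = []
    for src in p.srcs:
        host = re.sub(r'^(?:https?:)?//', '', src).split('/')[0].lower()
        if host in KNOWN_BAD_DOMAINS or any(host.endswith('.' + d) for d in KNOWN_BAD_DOMAINS):
            findings.append(("known_drainer_domain", src))
    for body in p.inline:
        m = COOKIE_GATE.search(body)
        if m:
            findings.append(("cookie_gated_injection", m.group(0)))
    return findings


# Constructed sample pages (not captured from a real site).
SAMPLE_INFECTED = ('<html><head><script src="//dynamic-linx.com/b.js"></script>'
                   '<script>if(document.cookie.indexOf("haw")==-1){/* inject */}</script>'
                   '</head><body>Hello</body></html>')
SAMPLE_CLEAN = '<html><head><script src="/wp-includes/js/jquery.js"></script></head></html>'

if __name__ == "__main__":
    for name, page in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(name, scan_html(page))
```

Run it against the HTML returned to a fresh browser session (no cookies), since the article notes the injection only happens when the “haw” cookie is absent.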
Crypto Drainers: A Growing Problem for Crypto Wallets
Crypto drainers have become a massive problem for the cryptocurrency community, with threat actors hacking well-known X accounts, creating AI videos, and using malicious advertising to promote websites that use malicious scripts.
Connect your wallet only to trusted platforms to avoid losing your digital assets to crypto-drainer operators and cybercriminals. Regardless of a website’s established reputation, it is prudent to be cautious with unexpected pop-up windows, especially when they don’t align with its primary subject or design.
A month after Sucuri found nearly a thousand hacked sites used to enable brute-force attacks against other sites, BleepingComputer reports that MalwareHunterTeam discovered more than 2,000 WordPress websites injected with crypto drainers to facilitate automated fund exfiltration.
When a visitor’s browser lacked the “haw” cookie, the compromised WordPress sites injected malicious scripts from the same domain used in the campaign discovered by Sucuri. The scripts display pop-up cryptocurrency scam ads that, when clicked, show support for the Coinbase, Ledger, MetaMask, Trust Wallet and Safe Wallet wallets.

Crypto drainers then exfiltrate all cryptocurrency wallet assets once targets establish a connection between their wallets and the Web3 site.
Safeguard your crypto wallets from cybersecurity risks.
Such a development comes amid the increasing use of cryptocurrency drainers among threat actors. Some of these actors have exploited artificial intelligence videos and accounts on X, formerly Twitter, to facilitate the distribution of malicious scripts.
Cybersecurity threats are evolving, and hacking WordPress sites to deploy crypto drainers is a prime example of how sophisticated these attacks have become. Users must remain vigilant and cautious to safeguard their digital assets, only connecting their crypto wallets to legitimate and trusted sites.
Understanding the Mechanism of Crypto Drainers
Crypto-drainers exploit the trust users place in seemingly legitimate websites and services. Once malicious actors compromise a WordPress site, they inject scripts that display pop-ups or ads, tempting users to connect their crypto wallets.
These pop-ups often mimic legitimate promotions, such as discounts or exclusive NFTs. The deception is sophisticated, making detecting the scam challenging for even seasoned users.
WalletConnect, a widely used protocol that supports multiple wallets, prompts users to link their wallets once they click the connect button. This broad compatibility widens the pool of potential victims, increasing the likelihood of successful theft.
Web3’s role in crypto scams
Web3 technology offers significant advances in decentralization and security, but it also opens new avenues for cybercriminals.
WalletConnect protocols streamline user experiences by integrating wallets with websites, but a compromised site can exploit this integration. The hacked WordPress sites effectively turn into traps, waiting for unsuspecting visitors to connect their wallets.
Once connected, the crypto drainer scripts fully access the user’s funds and NFTs. These scripts swiftly carry out transactions, transferring assets to the attackers’ wallets before the user can respond.
Although blockchain transactions are secure, they are also irreversible because of the network’s decentralized design. This characteristic makes the recovery of stolen assets virtually impossible, emphasizing the need for preventative measures.
Enhancing Cybersecurity to Combat Crypto Drainers
We can take several steps to combat the growing threat of crypto drainers. Website owners, particularly those using WordPress, should prioritize securing their sites.
Regular updates, robust passwords, and security plugins can help protect against initial compromises. Monitoring for unusual activity and conducting regular security audits are crucial to identifying and mitigating threats early.
Users’ vigilance is the key to avoiding crypto drainers. Before connecting your wallet, always verify the legitimacy of the site. Look for signs of phishing or unusual behaviour, such as unexpected pop-ups or requests that seem out of context. Using browser extensions and security tools that warn against known phishing sites can provide additional protection.
Furthermore, users should consider employing hardware wallets for their cryptocurrency storage. Hardware wallets add an extra layer of security by keeping the private keys offline, making it significantly harder for hackers to gain access even if they compromise a website or device.
The importance of community awareness
Raising awareness within the cryptocurrency community about cybercriminals’ tactics is vital. Educational campaigns and resources can help users recognize potential threats and understand best practices for securing their assets. Forums, social media groups, and cryptocurrency platforms can be crucial in disseminating this information.
In conclusion, the rise of crypto scams through hacked WordPress sites signifies a growing threat in the digital space. Cybercriminals have compromised thousands of sites and are deploying new tactics, underscoring the importance of robust cybersecurity measures. Users must stay informed and exercise caution to protect their crypto wallets from these pervasive threats.