New Eleven Drainer attack: threat to crypto wallets
Eleven Drainer, a new phishing-as-a-service operator, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.
A new, insidious wallet-emptying scheme has appeared in the crypto underground, increasing the pressure on an ecosystem already grappling with an unstoppable wave of phishing attacks.
On 9 November, SlowMist founder Yu Xian announced that his team had identified a growing number of victims linked to a group known as Eleven Drainer. According to Xian, it is a new 'phishing-as-a-service' operator that has become increasingly active in recent weeks.
His observations indicate that the operators are expanding their reach and refining their techniques, prompting SlowMist researchers to examine whether the group has introduced more advanced exploitation methods.
The Black Market of "Phishing-as-a-Service" Expanding
Eleven Drainer joins a crowded landscape of professional "draining" service providers, such as Angel and Inferno Drainer. In recent years, this industry has flourished because it allows fraudsters to conduct large-scale malicious operations with minimal effort.
These phishing 'kits' provide everything an attacker needs, including website replicas, deceptive social media accounts, smart contract scripts, and automated workflows.
In return, the operators pocket a percentage of the stolen funds. As a result, these malicious actors have become the backbone of modern crypto phishing campaigns. In 2024, drainers were responsible for an estimated $494 million in losses, a 67 per cent jump from the previous year.
The User's Discipline: The Only True Defence
Despite the increasing sophistication of these groups, security specialists emphasise that user behaviour remains the weakest point in most incidents.
According to them, attackers leverage hasty decisions and misleading requests. In addition, they employ social engineering tactics to convince users to sign off on asset withdrawals without noticing the warning signs.
Xian emphasised this reality, noting that "there is not much to mention about defence" beyond disciplined online behaviour. His advice follows a clear logic: always avoid unfamiliar websites, scrutinise every wallet signature request, and refuse to approve transactions under pressure.