New Eleven Drainer attack: threat to crypto wallets
Eleven Drainer, a new phishing-as-a-service, is expanding its business. Despite the sophistication of the attacks, human error remains the main weakness. The defence lies in user discipline.
A new, insidious wallet-emptying scheme has made its appearance in the crypto underground environment, increasing the pressure on an ecosystem already grappling with an unstoppable wave of phishing attacks.
On 9 November, SlowMist founder Yu Xian announced that his team had identified a growing number of victims linked to a group known as Eleven Drainer. According to Xian, it is a new 'phishing-as-a-service' operator that has become increasingly active in recent weeks.
His observations indicate that the operators are expanding their reach and refining their techniques, prompting SlowMist researchers to examine whether the group has introduced more advanced exploitation methods.
SlowMist Founder Tweet; Source X
The Black Market of "Phishing-as-a-Service" Expanding
Eleven Drainer joins a crowded landscape of professional "draining" service providers, such as Angel and Inferno Drainer. In recent years, this industry has flourished because it allows fraudsters to conduct large-scale malicious operations with minimal effort.
These phishing 'kits' provide everything an attacker needs, including website replicas, deceptive social media accounts, smart contract scripts, and automated workflows.
In return, the operators pocket a percentage of the stolen funds. As a result, these malicious actors have become the backbone of modern phishing crypto campaigns. In 2024, drainers were responsible for an estimated $494 million in losses, a 67 per cent jump from the previous year.
The User's Discipline: The Only True Defence
Despite the increasing sophistication of these groups, security specialists emphasise that user behaviour remains the weakest point in most incidents.
According to them, attackers leverage hasty decisions and misleading requests. In addition, they employ social engineering tactics to convince users to sign off on asset withdrawals without noticing the warning signs.
Xian emphasised this reality, noting that "there is not much to mention about defence" beyond disciplined online behaviour. His advice follows a clear logic: always avoid unfamiliar websites, scrutinise every wallet signature request, and refuse to approve transactions under pressure.
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.
A new, insidious wallet-emptying scheme has made its appearance in the crypto underground environment, increasing the pressure on an ecosystem already grappling with an unstoppable wave of phishing attacks.
On 9 November, SlowMist founder Yu Xian announced that his team had identified a growing number of victims linked to a group known as Eleven Drainer. According to Xian, it is a new 'phishing-as-a-service' operator that has become increasingly active in recent weeks.
His observations indicate that the operators are expanding their reach and refining their techniques, prompting SlowMist researchers to examine whether the group has introduced more advanced exploitation methods.
The Black Market of "Phishing-as-a-Service" Expanding
Eleven Drainer joins a crowded landscape of professional "draining" service providers, such as Angel and Inferno Drainer. In recent years, this industry has flourished because it allows fraudsters to conduct large-scale malicious operations with minimal effort.
These phishing 'kits' provide everything an attacker needs, including website replicas, deceptive social media accounts, smart contract scripts, and automated workflows.
In return, the operators pocket a percentage of the stolen funds. As a result, these malicious actors have become the backbone of modern phishing crypto campaigns. In 2024, drainers were responsible for an estimated $494 million in losses, a 67 per cent jump from the previous year.
The User's Discipline: The Only True Defence
Despite the increasing sophistication of these groups, security specialists emphasise that user behaviour remains the weakest point in most incidents.
According to them, attackers leverage hasty decisions and misleading requests. In addition, they employ social engineering tactics to convince users to sign off on asset withdrawals without noticing the warning signs.
Xian emphasised this reality, noting that "there is not much to mention about defence" beyond disciplined online behaviour. His advice follows a clear logic: always avoid unfamiliar websites, scrutinise every wallet signature request, and refuse to approve transactions under pressure.
Read Next
32 Million Upbit Hack: Token Solana to Stars on the Korean Market!
Upbit suspends deposits and withdrawals after a hacker attack that embezzled 32 million in Solana tokens, causing heavy premiums in the Korean market.
UK crypto heist: convictions and self-custody risk
A heist of more than 4.3 million in cryptocurrencies in the UK calls into question the security of self-custody and the risks of the human factor.
Crypto Clash: Beijing Blames US for LuBian's 127,000 BTC Bitcoin Exploit
China accuses Washington of 'draining' 127,000 BTC from LuBian in 2020. Researchers link the exploit to a flaw in key generation.
Evolved North Korean Hackers: New Danger Level for the Crypto Sector
North Korean hackers intensify crypto fraud: GhostCall and GhostHire campaigns use AI and the impersonation of Web3 executives to distribute malware, an evolution of the Lazarus Group.