Jack, a Solana enthusiast using the Phantom wallet, fell victim to a sophisticated crypto drainer scam that wiped out $9,000 from his wallet almost instantly.
He informed Cybersecurity News that the incident began with an attractive Instagram advertisement touting quick profits that led him to a fraudulent website. There, a deceptive prompt tricked him into approving a transaction under the guise of receiving funds, only for malicious JavaScript, specifically “SkyDrainer.js,” to empty his holdings.
The site disappeared shortly after the drain, leaving the user shocked but determined to investigate. Using Google dorking techniques, he uncovered the drainer advertised openly on underground forums like Cracked[.]sh and the Russian hacking site LolzTeam.
A forum post on Cracked[.]sh promotes “Supreme #1 Solana Drainer,” offering free access via Telegram bots with features like best bypasses, free hosting, no warnings, cloaking, and a low 10% fee far below competitors’ rates.
Accessing the Telegram bot revealed a troubling set of pre-made tricks designed to avoid raising suspicion. Screenshots show options like “Crasher,” which crashes the approval prompt to hide transaction results; “Fake Gain,” which shows false green notifications of incoming SOL or USDT; and “Fake Return,” which pretends that funds are being withdrawn and refunded.
Phantom wallet settings in the bot further enable abuse protection modals and fake gain prompts, making scams appear legitimate.
Jack demonstrated the ease of deployment by generating a fully functional drainer site in just 3-4 clicks: selecting a template, linking nameservers, and setting a wallet address resulted in a live malicious page identical to his attacker’s.
No technical expertise is required, allowing anyone to launch attacks in under a minute. Solana drainers have proliferated, with reports of campaigns stealing millions via similar phishing on social media and fake dApps.
This case underscores the dangers of social engineering in crypto, where drainers like those linked to SkyDrainer exploit wallet approvals. Security firms note Russian ties to such kits, sold cheaply on dark web channels. Victims lose funds irreversibly on the blockchain, split between affiliates and operators (often 80/20).
Platforms like Instagram must tighten ad scrutiny, while users should verify sites, use hardware wallets, and enable transaction simulations in Phantom.
Jack withheld his transaction ID pending recovery efforts but urges maximum exposure: “This needs to warn others and pressure hosts to shut down these bots.” Crypto users, stay vigilant, and connect wallets only on trusted domains.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
