It's a dog-eat-dog world for crypto scammers.
New reports have just revealed how one individual identified crypto scammers in order to rob them of their ill-gotten funds.
Crypto scammers often employ social engineering techniques to interact with victims and convince them to part with their hard-earned money. Scammers do this either by sending funds directly to fraudsters or by providing the permissions needed to get access to wallets.
Water Labbu, the name of the individual who robbed the scammers, reportedly leveraged a similar method to steal cryptocurrencies, obtaining access permissions to their victim’s wallets. They, however, didn’t use any kind of social engineering, leaving the dirty work to the original fraudsters.
Nothing changed for the original scammer’s victims—they still were robbed. The only difference is that Water Labbu began snatching crypto from the fraudsters, diverting the funds to their own wallets.
“The request is disguised to look like it was being sent from a compromised website and asks for permission to transfer a nearly-unlimited amount of USD Tether from the target’s wallet,” reads Trend Micro’s report.
In one identified instance, the malicious script successfully drained USDT from two addresses, swapping them on the Uniswap exchange—first to the USDC stablecoin and then to Ethereum (ETH)—before sending the ETH funds to the Tornado Cash mixer.
The report also noted that Water Labbu used different methods for different operating systems. For example, if the victim loaded the script from a desktop running Windows, it returned another script showing a fake Flash update message asking the victim to download a malicious executable file.
Trend Micro said Water Labbu had compromised at least 45 scam websites, most of them following the so-called “lossless mining liquidity pledge” model, the dangers of which law enforcement agencies alerted about earlier this year.
According to security analysts, the profit made by Water Labbu is estimated to be at least $316,728 based on transaction records from nine identified victims.
Water Labbu Malware Targets Scammers to Steal Their Ill-Gotten Crypto – Decrypt