- Nova Drainer is a new phishing tool that tricks users into approving unauthorized token transfers from their crypto wallets. It was developed by a group called CryptoGrab.
- CryptoGrab registered an official business called “Crypto Grab Limited” in the UK, likely to appear more legitimate even though the registration contains fake info.
- The Nova Drainer phishing sites take a 30% cut of all stolen funds as a fee, with the remaining 70% going to the scammer deploying the phishing site. This allows the tool developers to profit from the actual theft.
Crypto scammers are developing sophisticated phishing tools to steal users’ funds. One such tool, Nova Drainer, has officially registered as a business in the UK.
What is Nova Drainer?
Nova Drainer is a phishing protocol that drains cryptocurrency from victims’ wallets. It works by tricking users into visiting malicious websites and approving token transfers. The software is developed by CryptoGrab, who advertise it as a way to “steal ERC20 tokens” on Telegram and YouTube.
CryptoGrab’s Dubious Business Registration
In an unusual move, CryptoGrab registered as a business called “Crypto Grab Limited” on the UK’s Companies House registry. They likely did this to appear more legitimate and obtain extended validation certificates. However, Companies House does not verify the accuracy of filings. The listed director “Bradley Robertson” is almost certainly fake.
How the Scam Works
After investigating Nova Drainer phishing sites, CertiK found the protocol takes a 30% cut of all stolen funds as a fee. Over $7,000 worth of transactions have already occurred. The remaining 70% goes to the scammer who deploys the phishing site. This model allows the tool developers to profit while their users carry out the actual theft.
The Risks of Phishing
Wallet draining protocols like Nova Drainer pose a major threat in Web3. Over $300 million was stolen through these scams in 2022 alone. While CryptoGrab’s business registration may lend a sense of legitimacy, users should remain vigilant against phishing attempts. As cybercrime continues evolving, education is essential to stay secure.
