Malicious crypto app Angel Drainer shut down after creators deanonymized
The program’s developers have been implicated in attacks on 35 000 users, with $25 million in damage
17.07.2024 - 12:40
679
2 min
0
What’s new? Phishing crypto app Angel Drainer has stopped working after analysts at blockchain company Match Systems said they had identified its developers. Previously, security experts Blockaid linked Angel Drainer to phishing attacks on 35 000 crypto users, with total damage of over $25 million.
What else is known? On July 16, Match Systems announced in its X-account that it had made progress in deanonymizing Angel Drainer participants, and encouraged victims to provide any information they have to help advance the investigation. Hours later, Match Systems, citing Angel Drainer’s Telegram channel, said the app had been suspended.
Angel Drainer is a malicious drainer program. Such programs allow scammers to withdraw cryptocurrency from victims’ wallets, fraudulently forcing them to confirm transactions. The developers of such programs themselves also receive a share of the stolen cryptocurrencies.
Angel Drainer has become at least the third such program to cease operations since the beginning of the year. On May 17, the Pink Drainer team, which was involved in the theft of $85 million worth of cryptocurrencies, announced its closure. On April 25, Blockaid experts reported the closure of Violet Drainer. The developer of the latter complained about the complication of working conditions: Ethereum wallets have improved the system of protection against fraud and notification of users about suspected attacks.
Earlier, the FBI said that in 2023 the volume of investment crypto fraud increased by 53%.
In March, an unidentified person lost over $717 000 in a phishing attack using the fake website Blast, one of the largest Layer 2 (L2) networks based on the Ethereum blockchain.
In April, phishing ads were discovered on blockchain explorer Etherscan’s website. Analysts speculated that the reason for the large-scale phishing campaign was the lack of oversight by ad aggregators.
Useful material?
Telegram 
Twitter Incidents
The company is linking the incident to a compromised private key on a service wallet, rather than a smart contract exploit
May 22, 2026
Incidents
Following the incident, the project temporarily halted trading operations and node activity.
May 15, 2026
Incidents
The user spent weeks unsuccessfully trying to guess the password until Claude helped find an old wallet backup file
May 14, 2026
Crypto regulations
Authorities are introducing mandatory registration for companies handling cross-border crypto transactions
May 8, 2026
Incidents
According to Blockaid, the attack may have been carried out by the same hacker behind the 1inch Fusion V1 exploit.
May 7, 2026
Incidents
The attacker gained administrative access and altered contracts to drain user funds
Apr 30, 2026
Cryptocurrency rates
-
Bitcoin
$63 470
BTC
-2.39%
-
Ethereum
$2 551.16
ETH
+3.56%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.17
XRP
-1.7%
-
TRON
$0.160134
TRX
-1.59%
-
Dogecoin
$0.088569
DOGE
-2.84%
-
Zcash
$521.02
ZEC
-13.97%
-
Stellar XLM
$0.20589
XLM
-2.09%
-
Cardano
$0.184291
ADA
-8.76%
-
Polkadot
$3.32
DOT
+5.27%