The malware software-as-a-service Angel Drainer, associated with thefts exceeding $25 million, has reportedly ceased operations following potential identification of its developers. According to cybersecurity researchers at Match Systems, who successfully de-anonymized members of the malware, Angel Drainer, a drainer-as-a-service program, shut down its operations within two hours of the disclosure.

🚨 Deanonymization of Angel Drainer Members! 🚨

We are actively working on investigating the thefts involving Angel Drainer and have already made progress in identifying the individuals behind this group.

🕵️‍♂️ Who are Angel Drainer?
Angel Drainer is a criminal gang that has… pic.twitter.com/UEzRS7kR9Q

— Match Systems (@MatchSystems) July 16, 2024

In an announcement on Wednesday, Dubai-based blockchain forensics firm Match Systems disclosed that Angel Drainer’s Telegram channel had declared the suspension of its services. However, it remains uncertain whether Match Systems has reported the perpetrators to law enforcement, as the firm continues gathering data.

“We are actively accumulating information and striving to identify the remaining individuals involved in this criminal group.”

Match Systems

Angel Drainer, a JavaScript-based malware, is utilized by cybercriminals to drain cryptocurrency wallets. It operates by conducting phishing scams that deceive users into granting token approvals, allowing the scammers to siphon off their assets.

The drainer first came to attention in late 2023 and gained prominence in early 2024 when analysts at blockchain security firm Blockaid warned about its new attack method using a protocol for executing a unique approval farming attack via the queueWithdrawal mechanism.

In February, Blockaid estimated that Angel Drainer had stolen over $25 million worth of cryptocurrency from nearly 35,000 wallets, indicating its likely involvement in significant incidents like the Ledger Connect Kit and Restake Farming attacks.

The post Developer of Crypto Malware Angel Drainer Exposed, Shutdown Initiated appeared first on Koinreport.