Angel Drainer, a malware service linked to the theft of over $25 million, has reportedly been shut down after its developers were identified.
Angel Drainer, a drainer-as-a-service program, allegedly suspended its operations just two hours after cybersecurity researchers at Match Systems said they had managed to uncover the identities of the group’s members.
🚨 De-Anonymization of Angel Drainer Members! 🚨
We are actively working to investigate the thefts involving Angel Drainer and have made progress in identifying the individuals behind this group.
🕵️‍♂️ Who is Angel Drainer?
Angel Drainer is a criminal organization. picture.twitter.com/UEzRS7kR9Q
— Match Systems (@MatchSystems) July 16, 2024
Dubai-based blockchain forensics firm Match Systems announced in a post on X on Wednesday that Angel Drainer has suspended services on its Telegram channel, although it is not yet clear whether Match Systems has reported the malicious actors to law enforcement, as the firm continues to collect data.
“We continue to collect data and work to identify other identities involved in this criminal gang.”
— Match Systems
Angel Drainer is a JavaScript-based malware used by cybercriminals to drain crypto wallets. It works by running phishing scams that trick users into giving token approval, allowing the scammers to steal their assets.
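Because the theft hinges on the victim signing a token approval, the most useful defensive control sits in the wallet or browser extension, right before the signature prompt. The following is an added example, not code from the article, from Match Systems or from Blockaid: it decodes the calldata of a pending transaction, recognises the standard ERC-20 `approve(address,uint256)` and ERC-721/1155 `setApprovalForAll(address,bool)` calls by their 4-byte selectors, and rates the request by whether the allowance is unlimited and whether the spender is on a (hypothetical, operator-supplied) trusted list. The transactions it checks are constructed inline; no chain access is needed.

```javascript
// Added example (not from the article, Match Systems or Blockaid): a wallet-side
// pre-signing check that flags the kind of token approval a drainer phishing page asks for.

// Standard function selectors: first 4 bytes of keccak256 of the signature.
const SELECTORS = {
  '0x095ea7b3': 'approve(address,uint256)',          // ERC-20
  '0xa22cb465': 'setApprovalForAll(address,bool)',   // ERC-721 / ERC-1155
};
const MAX_UINT256 = (1n << 256n) - 1n; // "unlimited" allowance drainers typically request

// Return the i-th 32-byte ABI word (as 64 hex chars) following the 4-byte selector.
function word(hex, i) {
  const start = 10 + i * 64;
  return hex.slice(start, start + 64);
}

// Decode approval calldata; returns null for anything that is not an approval call.
function decodeApproval(calldata) {
  const data = String(calldata).toLowerCase();
  if (!/^0x[0-9a-f]*$/.test(data) || data.length < 10) return null;
  const sig = SELECTORS[data.slice(0, 10)];
  if (!sig) return null;
  if (data.length < 10 + 2 * 64) return null; // both calls carry two 32-byte arguments
  const target = '0x' + word(data, 0).slice(24); // address is the low 20 bytes of the word
  const arg = BigInt('0x' + word(data, 1));
  if (sig.startsWith('approve')) return { kind: 'erc20', spender: target, amount: arg };
  return { kind: 'nft', operator: target, approved: arg === 1n };
}

// Rate an approval request. `trustedSpenders` is a hypothetical allow-list the
// wallet operator maintains (e.g. audited router/marketplace contracts).
function assessApproval(tx, { trustedSpenders = new Set() } = {}) {
  const decoded = decodeApproval(tx.data);
  if (!decoded) return { risk: 'none', reasons: [] };
  const trusted = new Set([...trustedSpenders].map((a) => a.toLowerCase()));
  const target = (decoded.spender || decoded.operator).toLowerCase();
  const reasons = [];
  const untrusted = !trusted.has(target);
  if (untrusted) reasons.push(`spender ${target} is not on the trusted list`);
  const unlimited =
    (decoded.kind === 'erc20' && decoded.amount === MAX_UINT256) ||
    (decoded.kind === 'nft' && decoded.approved);
  if (unlimited) {
    reasons.push(decoded.kind === 'erc20'
      ? 'unlimited ERC-20 allowance requested'
      : 'operator approval over the entire NFT collection requested');
  }
  const score = (untrusted ? 1 : 0) + (unlimited ? 1 : 0);
  return { risk: ['low', 'medium', 'high'][score], reasons, decoded };
}

// Helpers to build calldata for the constructed sample transactions below.
function encodeApprove(spender, amount) {
  return '0x095ea7b3' + spender.slice(2).toLowerCase().padStart(64, '0') +
    amount.toString(16).padStart(64, '0');
}
function encodeSetApprovalForAll(operator, approved) {
  return '0xa22cb465' + operator.slice(2).toLowerCase().padStart(64, '0') +
    (approved ? '1' : '0').padStart(64, '0');
}

// Constructed sample values (not real contracts or addresses).
const TOKEN = '0x' + '11'.repeat(20);
const UNKNOWN_SPENDER = '0x' + 'ab'.repeat(20);
const TRUSTED_ROUTER = '0x' + 'cd'.repeat(20);
const SAMPLES = {
  drainerStyle: { to: TOKEN, data: encodeApprove(UNKNOWN_SPENDER, MAX_UINT256) },
  nftDrain: { to: TOKEN, data: encodeSetApprovalForAll(UNKNOWN_SPENDER, true) },
  boundedToTrusted: { to: TOKEN, data: encodeApprove(TRUSTED_ROUTER, 5n * 10n ** 18n) },
  plainTransfer: { to: TOKEN, data: '0xa9059cbb' + '0'.repeat(128) },
};

for (const [name, tx] of Object.entries(SAMPLES)) {
  const result = assessApproval(tx, { trustedSpenders: new Set([TRUSTED_ROUTER]) });
  console.log(name, result.risk, result.reasons);
}
```

A wallet would surface a `high` result as a blocking warning rather than a generic "confirm" dialog, and an `unlimited` flag is worth showing even for trusted spenders, since a later compromise of that contract would expose the whole balance. The check is deliberately offline; a production implementation would also consult a reputation feed for the spender address and inspect `permit`-style signature requests, which this example does not cover.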
Angel Drainer first came onto the radar in late 2023 and gained popularity in early 2024, when analysts at blockchain security firm Blockaid warned that Angel Drainer was introducing a new attack vector: using a protocol to conduct a confirmation farming attack via the Queue Pull mechanism.
In February, Blockaid estimated that Angel Drainer had stolen $25 million worth of crypto from around 35,000 wallets, suggesting that the malware was likely behind “high-profile leaks” like the Ledger Connect Kit and the Restake Farming attack.