Mandiant Social Media Account Compromised in CLINKSINK Cryptocurrency Drainer Campaign

January 11, 2024.

On January 3, 2024, cybersecurity firm Mandiant’s X social media account was breached, leading to the dissemination of cryptocurrency drainer phishing links. While control was regained and investigations showed no compromise of Mandiant or Google Cloud systems, a subsequent blog post detailed the emergence of the CLINKSINK drainer in campaigns targeting Solana (SOL) cryptocurrency users.

The campaigns, involving at least 35 affiliate IDs, use a drainer-as-a-service model: operators provide scripts to affiliates, who receive a share of the stolen funds, which are estimated at over $900,000 USD. Social media and chat applications, including X and Discord, are used to distribute phishing pages that lure victims with fake token airdrops, ultimately leading to the theft of funds through the CLINKSINK JavaScript drainer code.

Read Mandiant’s blog post for a deep technical dive on the CLINKSINK drainer.

