Crypto scammers are increasingly targeting the Solana (SOL), Ethereum (ETH), and Tron (TRX) ecosystems with sophisticated tactics to appear legitimate and trap even the most vigilant victims. They create flashy wallet addresses ending with ‘11111’ to prove their authenticity and lure community participants into their schemes.
Scam Sniffer, a platform exposing Web3 scams, revealed that scammers targeting the Solana ecosystem are now creating special wallet addresses ending in ‘11111’ to appear trustworthy. They shared a screenshot of a wallet address, eWxJC…11111, as evidence of this new strategy.
The warning comes as scammers have expanded their reach within the ETH, SOL, and TRX communities, often using fake AirDrops to entrap victims. Users are deceived into connecting their wallets to fraudulent websites to claim rewards, leading to a high risk of falling prey to phishing scams.
In a recent major hack attack on January 3, 2024, cybersecurity firm Mandiant’s official account was compromised and used for a crypto phishing attack. Although Mandiant regained control within hours, many followers were affected. The company shared information about the CLINKSINK driver used in the attack, which has been employed by scammers since December 2023 to siphon assets from Solana users by tricking them into approving transactions.
The campaigns linked to this driver-as-a-service (DaaS) involved 35 affiliate identities, with operators providing scripts for a 20% cut of the stolen funds. It’s estimated that over $900,000 worth of SOL has been stolen in such scams. Scammers use platforms like Twitter and Discord to share CLINKSINK-themed phishing pages, enticing victims with fake AirDrops and rewards, often mimicking legitimate crypto sources like Phantom and DappRadar, leading to unauthorized transactions and asset theft.
