Over 2,000 Hacked WordPress Websites Infected with Crypto-Draining Malware


April 09, 2024

Threat actors compromised over 2,000 WordPress websites in recent attacks, turning them into crypto-draining portals. Impacted websites now promote rogue NFT deals and discounts, enticing unsuspecting visitors to connect their wallets.

Perpetrators compromised roughly 1,000 WordPress websites to push crypto-draining malware promoted via YouTube videos and malvertising, website security firm Sucuri said in a report last month.

From Brute-Forcing to Crypto-Draining

However, these numbers were likely unsatisfactory for the attackers, who started pushing new scripts to compromised websites to weaponize visitors’ web browsers, turning them into brute-forcing tools that probe admin passwords on other websites.

The second wave of attacks reportedly involved approximately 1,700 brute-forcing websites, likely aiming to create a large enough pool of sites for extensive monetization.

Threat actors quickly revamped the cluster of compromised websites, lacing them with fake pop-up NFT discounts and other phony cryptocurrency offers.

Over 2,000 WordPress Websites Laced with Crypto Drainers

Over 2,000 compromised websites are reportedly injected with these crypto drainers. While not all of them push the pop-up scams, this could change. Rogue websites load scripts from the dynamic-linx[.]com domain, the same one Sucuri spotted in last month’s malicious campaign.

Before injecting malicious code into a website, the script checks for a specific “haw” cookie; if the cookie is not found, it proceeds with the injection.
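A site owner's check for the indicator named above, as an added example that is not from the original article or Sucuri's report: it parses a page's HTML and flags script tags that load from dynamic-linx[.]com or its subdomains, as well as inline scripts that reference it. The sample page, its file names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator from the article, kept defanged in source and refanged at runtime.
IOC_DOMAINS = {"dynamic-linx[.]com".replace("[.]", ".")}

# Constructed sample page (not captured from a real site); file names are made up.
SAMPLE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<script src="//cdn.dynamic-linx[.]com/example.js"></script>
<script>var s = document.createElement("script"); s.src = "https://dynamic-linx[.]com/example.js";</script>
<script src="https://dynamic-linx[.]com.example.org/ok.js"></script>
</head></html>""".replace("[.]", ".")

def host_matches(host: str) -> bool:
    """True if host is an indicator domain or a subdomain of one (not a lookalike)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)

class ScriptAudit(HTMLParser):
    """Records external script URLs and inline scripts that reference an indicator."""
    def __init__(self):
        super().__init__()
        self.findings = []      # list of (kind, evidence) tuples
        self._inline = False    # True while inside a <script> without src

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        raw = dict(attrs).get("src")
        self._inline = raw is None
        # urlparse also handles protocol-relative URLs such as //host/path.
        host = urlparse((raw or "").strip()).hostname or ""
        if host_matches(host):
            self.findings.append(("external", raw.strip()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

    def handle_data(self, data):
        if self._inline and any(d in data.lower() for d in IOC_DOMAINS):
            self.findings.append(("inline", data.strip()[:80]))

def audit_html(html: str):
    """Return all indicator hits found in the given HTML document."""
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run `audit_html` over the rendered HTML of each page and over theme and plugin template files; a hit means the site needs cleanup and credential rotation, not just removal of the tag.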

Fake NFT Discounts and Crypto Offers

Once loaded, the code arbitrarily pops up fake NFT offers and other tempting crypto discounts to trick users into linking their wallets to the spiked website. The code appears to be compatible with a broad range of wallets, including MetaMask, Coinbase, Ledger, Phantom, and WalletConnect.

If a victim takes the bait and accepts the pop-up’s request to connect their wallet, their accounts will soon be drained of funds and NFTs. The stolen assets will be sent to attacker-controlled wallets.

Dodging Crypto Drainers and Other Similar Threats

With the increasing interest in crypto, scammers have diversified their portfolio of attacks; while crypto drainers are among the most ruthless perils in the world of crypto, other dangers should not be overlooked.

Specialized software like Bitdefender Ultimate Security can protect you from phishing attempts, scam-ridden websites and other similar intrusions. Furthermore, learning more about what crypto scams are and how to avoid them can significantly boost your chances of recognizing them from a distance and dodging them effortlessly.




Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
