How a YouTuber stole $1.5 million using the Monkey Drainer phishing scam


A YouTuber turned phishing scammer, Blue (Jack), received one-third of the funds stolen by the Monkey Drainer service. This has led on-chain investigator ZachXBT to conclude that he has links to the Monkey Drainer scam. In a Twitter post on Monday, July 10, ZachXBT told the story of how a YouTuber became a prominent member, or even the leader, of the Monkey Drainer phishing group.

According to the post, Blue (Jack) became a subject of investigation after one-third of the funds traced from the Monkey Drainer exploit ended up in an address linked to him.

ZachXBT wrote:

“An investigation into the YouTuber turned phishing scammer Blue (Jack), who has worked with Monkey Drainer and other drainer services to steal more than $1.5 million.”

Large YouTube following

The report said that before Blue (Jack) became active as a phishing fraudster, he had amassed a following of more than 120,000 people by uploading gaming and trolling content to the video-sharing platform.

It added that a leaked post from his personal Snapchat account showed that he owned the ENS address cool-breeze.eth, which bought BAYC 8668 in October 2022.

0xC9a4Fe3DA7fb38e57fa14B273f05f190b535E395

85 ETH from Monkey Drainer addresses

This is where things started getting interesting, because eight addresses linked to the Monkey Drainer scam sent 85 ETH to this same address. This amounted to a third of the funds stolen by Monkey Drainer.

Loggers mean more funds

That’s not all. Blue was in the habit of making a show of his exploits in an internal Discord server. Messages from that server indicate that Blue is actually the leader of the Monkeys, as shown by his instructions to his workers.

On one occasion, he threatened them for not doing enough to steal from people using their Monkey Drainer program. On October 2, 2022, he wrote:

“@everyone, Okay, I’m about to wipe out everyone here if I don’t see any DMs being sent out today. You guys are slacking. Way too hard. New logger up means more funds. Get to work!”

How the scammers work

In an earlier instruction on September 12, Blue (Cool Breeze) was seen instructing his workers on how to use the Monkey Drainer program. 

The instructions include downloading BetterDiscord and installing permission viewer.

He stated the objective of getting potential victims to join Friday Beers and verify with MEE6. He even instructed his workers never to pressure the targets, so as not to arouse their suspicion.

In Step 3, he wrote, “Look at the staff list and DM people with the following permissions: Administrator and/or moderator plus Perms.”

In Step 6, he said that the objective was to have the people holding these permissions join the scam server and get them to verify with the malicious exploit program, also known as Monkey Drainer.

Scammed the scammer

The story got even more interesting because Blue was robbed of his BAYC. The report alleged that he actually scammed another Monkey out of their money through a phishing scam. Like all fraudsters, he was not deterred from scams by losing his ENS address, and he soon continued with a new one. The stolen funds were spent on luxury goods, and he had no issues showcasing his acquisitions, as seen from his personal Snapchat.

The report said,

“Blue specializes in spamming on Twitter with verified accounts and two of his recent thefts include stolen assets from @g13m and @ystrickler while working with two different drainers.”

The victim reacts

One of his victims reacted:

“GM ALERT My 213k $ STOLEN Scam from Twitter Verified Accounts with a you know me as a person with unlimited faith in the Web3 community. I try to make you smile every day. but today i need your support. I hope my thread will help you avoid same happening to you ”

Cloned project sites and hacked verified accounts

“What happened today I saw longread from @Poopie (@Doodles cofounder) below was a message with the link from @burnttoast (doodles creator with ) thought it was the same longread I followed the link thinking that Doodles 2 has already launched & made few transactions.

I am dyslexic and didn’t notice that the Burnt Toast account was a scam. It was very similar to the original & Verified. Sadly, trusting it I used my main wallet for transactions and ended up with 213k $ stolen. Later, I learned: 1st transaction: Eth transfer; 2nd – Tether approve.”

That was the victim, but where did the funds go? Your guess is as good as mine. 


“July 3, 2023 @g13m was phished for 61.5 ETH and 93.3K USDT (~$213k) by a fake Doodles site. Blue received 49 ETH and 74K USDT for himself after the drainer fee.”

Author: Miriam