Crypto security firm CertiK has warned that a known wallet drainer has transferred funds to a licensed crypto tumbler Tornado Cash.
In an alert on May 27, CertiK said two Externally Owned Addresses (EOA), 0x546 and 0x108, had deposited 20 Ether (ETH) into Tornado Cash with a market value of $36,473.
![Source: Twitter](https://crypto.news/app/uploads/2023/05/image-87.png)
According to the alert, the funds came from: wallet drainera malicious file that automatically moves cryptocurrency from an unsuspecting visitor’s wallet to a phishing site.
CertiK claimed that the originating address of the funds was a known wallet drainer, but did not disclose any past exploits associated with it.
Scammers post phishing links on Nahmii Discord channel
This was not the only warning issued by CertiK over the weekend as hackers and abusers continue to attack the crypto platform.
The on-chain security firm also warned users about a fake token airdrop link posted on the Layer 2 (L2) protocol Nahmii’s Discord channel. CertiK warned Nahmii users not to click on links leading to another known wallet leak.
![Source: Twitter](https://crypto.news/app/uploads/2023/05/image-86.png)
Nahmii is a L2 protocol on Ethereum that provides transactions for decentralized applications (dApps). We use a hybrid consensus mechanism that combines Proof of Stake (PoS) and Proof of Transfer (PoT) to achieve finality and security.
Its native NII token will be used for staking, governance and fee settlement on the network. CertiK has advised Nahmii users not to click on any links until the Nahmii team confirms that they have regained control of the server.
CertiK also drew the attention of cryptocurrency users to a fake Refund (RFD) airdrop allegedly promoted on Twitter by the account @Arnoldty_eth, which has over 8,000 followers.
![Source: Twitter](https://crypto.news/app/uploads/2023/05/image-88.png)
The account promoting the alleged fraud posted instructions on how to claim the RFD airdrop, including visiting a website provided by CertiK. claimed Phishing contract, connected to 0x146.
Recently, cryptocurrency scammers have been using active cryptocurrency Twitter accounts, either knowingly or unwittingly, to facilitate phishing scams.
On May 26, hackers hijacked the popular Twitter account @steveaoki and used it to promote a fake airdrop that cost unsuspecting users over $170,000. Other accounts, such as @eth_ben, compounded the scam, unwittingly promoting fake promotions for more people to see.