Thefts involving cryptocurrencies are frequent on decentralized finance (DeFi) systems and NFT initiatives. An investigation into a recent instance revealed that Inferno Drainer, a full-fledged scam service provider, assisted multi-chain schemes in exchange for a share of the stolen assets.
Scam Sniffer, a Web3 security company, revealed that Inferno Drainer has assisted in the theft of over $70 million in cryptocurrency from 103,767 victims on several blockchains.
Malicious actors can remove money from cryptocurrency wallets with the aid of “malware-as-a-service” called Inferno Drainer. It has enabled over 689 phishing websites since March 27th, targeting a number of well-known cryptocurrency and NFT initiatives.
Fast forward to today, Inferno Drainer has said it plans to shut down for good.
Inferno Drainer announces shutdown after draining over $70M from ~103K victims. pic.twitter.com/8DwtckleiZ
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) November 27, 2023
Inferno Drainer: Security Community’s Response
The Inferno Drainer account announced its decision to shut down in a Telegram post on November 26. It said that servers would continue to run to allow users to switch to another platform.
Security enthusiast and anonymous Twitter user 0xSaiyanGod stumbled into the fraud service when perusing the fraud Sniffer Telegram channel and came across one of its promoters.
After Saiyan informed the channel about the scammer, the security staff launched an inquiry. Using a Permit2 exploit, Scam Sniffer discovered a snapshot demonstrating a $103,000 drain transaction. Phishing schemes known as “permit2 exploits” rely on an abridged token approval procedure.
1/ Inferno Drainer, a scam vendor specializing in multi-chain scams, has stolen $5.9 million in assets from nearly 4,888 victims through over 689 phishing websites targeting popular projects.https://t.co/OEjdzHm2Ls
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 19, 2023
In order to fund its wallet draining script, the platform charges between 20% and 30% of the total value of stolen assets. According to blockchain security experts, Inferno Drainer’s “drainer fees” have brought in as much as $20 million.
According to Scam Sniffer’s disclosure on Friday, the malicious software vendor is purportedly associated with thousands of frauds that have stolen millions of dollars.
Through the examination of both on- and off-chain data on Ethereum, Arbitrum, BNB Chain, and additional chains, the security company discovered 4,888 victims who lost almost $6 million in NFTs and cryptocurrency combined.
BTCUSD trading at $37,394 on the 24-hour chart: TradingView.com
More than 220 projects, including Collab.Land, Blur, PEPE, zkSync, Sui, ChainGPT, Floki, LayeZero, Lens Protocol, MetaMask, Optimism, and others, have been the victim of these phishing websites.
Meanwhile, rumors surfaced earlier this week claiming a Blast protocol pioneer had connections to Inferno. However, after examining the on-chain data, Loch, a blockchain portfolio analytics company, revealed that there was no real connection between Inferno Drainer and the address of the Blast creator.
We heard rumors that the @Blast_L2 bridge is linked to the Inferno Drainer.
Here’s what we found after analyzing the on-chain data.
One of the BLAST founders is connected to a Binance Deposit address that has connections with Inferno drainer. This is correct.
BUT that Binance… pic.twitter.com/YmVN3Xk5VB
— Loch (@loch_chain) November 26, 2023
Crypto Fraud: The Global Multi-Billion Dollar Enterprise
Over the previous few months, scams as services have grown in difficulty within the cryptocurrency ecosystem. ZachXBT found “Monkey Drainer,” a comparable service, in October. Before going down in March, it took out of users’ accounts at least $1 million in Ethereum.
Victims all over the globe have fallen prey to crypto fraud, which has recently grown into a multibillion dollar criminal specialization.
According to the Federal Bureau of Investigation, victims of crypto fraud in the United States alone reported losses of $2.6 billion last year, more than twice as much as the year before.
In contrast, a different analysis by TRM labs indicated that in the first quarter of 2023, hackers stole over $400 million in 40 separate crypto attacks. This represents a 70% decline from the same period in 2022.
Because victims are frequently too humiliated to report crimes to authorities, the actual extent of the losses is unknown.
Featured image from Pixabay