The New Crypto and NFT Nightmare – What or Who is it? – Cryptopolite
In the ever-evolving cybercrime landscape, a new threat has emerged that leaves individuals and businesses vulnerable to financial loss and privacy breaches – the Inferno Drainer. The Inferno Drainer phishing scam, aptly named for its ability to drain victims’ resources, has recently come to the forefront of the crypto evolution.
This sophisticated “fraud-as-a-service” operation has already stolen an astonishing $5.9 million since March, underscoring the urgent need for increased vigilance and robust security measures.
Inferno Drainer’s sophisticated phishing scam leaves millions vulnerable
Operating behind a veil of anonymity, Inferno Drainer has quickly gained notoriety on the dark web. The group behind this scam-as-a-service operation remains shrouded in mystery, using advanced techniques to avoid detection by law enforcement agencies and cyber security experts.
According to the Web3 fraud detection firm Scam Sniffer, a new scam-as-a-service operation called “Inferno Drainer” has allegedly stolen nearly $6 million from unwitting crypto users. Inferno Drainer allegedly advertises that it provides fraudsters with ready-to-use code that enables them to steal crypto in exchange for a 20% share of the fraudsters’ cryptocurrency “loot”.
According to industry sources, Inferno Drainer’s modus operandi revolves around sophisticated phishing tactics. The scam involves creating convincing copies of well-known websites, such as bank portals and crypto exchanges. Unsuspecting victims are then lured into divulging their sensitive login credentials and personal information, which are then exploited by criminals.
How does it work?
The scam service was discovered by a security enthusiast and Twitter user going by the alias 0xSaiyanGod, who stumbled upon a promoter of it while reading the Scam Sniffer Telegram channel. The security service launched an investigation after Saiyan reported the scammer to the channel.
Scam Sniffer discovered a screenshot of a $103,000 dump transaction using a Permit2 exploit. Permit2 exploits are phishing scams that use a streamlined variation of the token authorization process.
As reported by Scam Sniffer, the screenshot showed the transaction hash of the theft, prompting the team to search for the transaction, which led them to the address of the exploiter. Scam Sniffer then discovered that the aforementioned address was linked to over 689 phishing websites created since March 27 and had stolen $5.9 million from victims on various networks, including Ethereum, Arbitrum, Polygon and BNB Chain.
Scam Sniffer developed a Dune analysis dashboard to show the supporting data for this conclusion.
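The Permit2 signature requests mentioned above can be screened before a wallet user signs them. The following is an added example, not code from Scam Sniffer or from the article: it inspects an `eth_signTypedData_v4` payload and flags Permit2 `PermitSingle`/`PermitBatch` requests that name an unknown spender, an unlimited amount or a long-lived allowance. The allowlist, the 30-day threshold and all sample addresses are assumptions constructed for illustration; the field names follow Uniswap's Permit2 typed-data layout.

```javascript
// Added example: review an eth_signTypedData_v4 payload before signing.
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"; // Uniswap Permit2 contract
const MAX_UINT160 = (1n << 160n) - 1n;   // "unlimited" amount in PermitDetails
const MAX_LIFETIME_SEC = 30 * 86400;     // assumed policy: flag allowances over 30 days

// Hypothetical allowlist of spenders the user trusts (constructed address).
const TRUSTED_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

function reviewTypedData(typedData, nowSec, trusted = TRUSTED_SPENDERS) {
  const warnings = [];
  const { domain = {}, primaryType = "", message = {} } = typedData;
  const isPermit2 = domain.name === "Permit2" ||
    String(domain.verifyingContract).toLowerCase() === PERMIT2;
  if (!isPermit2 || !/^Permit(Single|Batch)$/.test(primaryType)) return warnings;

  warnings.push("off-chain signature that grants a token allowance through Permit2");
  const spender = String(message.spender).toLowerCase();
  if (!trusted.has(spender)) warnings.push(`spender ${spender} is not on the allowlist`);

  // PermitSingle carries one details object, PermitBatch an array of them.
  for (const d of [].concat(message.details || [])) {
    if (BigInt(d.amount) === MAX_UINT160)
      warnings.push(`unlimited allowance for token ${d.token}`);
    if (Number(d.expiration) - nowSec > MAX_LIFETIME_SEC)
      warnings.push(`allowance for token ${d.token} stays valid for over 30 days`);
  }
  return warnings;
}

// Constructed sample request of the kind a wallet should flag (placeholder addresses).
const NOW = 1700000000;
const SAMPLE_REQUEST = {
  domain: { name: "Permit2", chainId: 1, verifyingContract: PERMIT2 },
  primaryType: "PermitSingle",
  message: {
    details: {
      token: "0x2222222222222222222222222222222222222222", // placeholder token
      amount: MAX_UINT160.toString(),
      expiration: NOW + 365 * 86400,
      nonce: 0,
    },
    spender: "0x3333333333333333333333333333333333333333", // placeholder spender
    sigDeadline: NOW + 3600,
  },
};

console.log(reviewTypedData(SAMPLE_REQUEST, NOW));
```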
According to the report, Inferno Drainer advertised its “service” to hackers in exchange for 20% of their profits. It even offered to create phishing websites for clients in exchange for a 30% commission, but only for “good clients or people with high potential.”
Source: Scam Sniffer – This is the alleged Telegram ad for Inferno Drainer.
Analysis of data from various chains shows that $5.9 million has been taken so far, from around 4,888 victims. Mainnet accounts for $4.3 million, Arbitrum for $0.79 million, Polygon for $0.41 million, and BNB for $0.39 million.
Based on an investigation of the on-chain collection addresses, it is estimated that around 1,699 ETH were stolen and distributed among five main addresses, with the balance at each address kept at about 300-400 ETH.
Over the past few months, scams masquerading as services have become a growing problem in the crypto community. ZachXBT discovered a comparable service called “Monkey Drainer” in October. Before it was shut down in March, it stole at least $1 million in ETH from consumers.
Scam Sniffer has previously uncovered a similar type of “Scam as a Service” known as Venom Drainer. It took $27 million from 15 thousand people, with the top five victims losing $14 million in total. 530 phishing sites targeting approximately 170 brands were built.