Inferno Drainer: How a Scam-as-a-Service Stole $6M and What We Can Learn From It

Cyberpunk city with neon signs, shadowy figures exchanging crypto, permits illuminating in the darkness, smoky atmosphere, contrasting light and dark areas, sense of danger and temptation, suspicious characters, glowing Ethereum, Polygon, and BNB Chain logos in the background, a Scam Sniffer detecting the fraud, tense mood, chiaroscuro play of light.

A scam-as-a-service company has reportedly drained approximately $6 million worth of crypto assets from unsuspecting users. According to a Scam Sniffer report, a scam vendor known as “Inferno Drainer” has targeted 4,888 victims across 689 phishing websites since the beginning of the year, stealing $5.9 million in assets. Remarkably, Inferno Drainer specializes in multi-chain scams and provides ready-to-go code to scammers in exchange for a 20% cut of the stolen funds.

This elaborate scam was discovered by a vigilant Twitter user (known as 0xSaiyanGod). Upon stumbling upon a promoter of the scam service while browsing the Scam Sniffer Telegram channel, the user reported the promoter, prompting the security service to launch an investigation.

Scam Sniffer then found a screenshot showcasing a $103,000 transaction facilitated by a phishing scam using a Permit2 exploit. This exploit capitalizes on a simplified version of the token approval process. With the transaction hash available, the Scam Sniffer team tracked down the exploiter’s address, which was linked to over 689 phishing websites created since March 27.

These fraudulent websites targeted various networks, including Ethereum, Arbitrum, Polygon, and BNB Chain, resulting in the theft of over $5.9 million in assets. Unfortunately, one victim alone reportedly lost $400,000 worth of assets. Upon analyzing the on-chain funds collection addresses, the report found that approximately 1,699 ETH was stolen and distributed among five significant addresses.

Crypto scams and hacks continue to victimize innocent users. A recent report by AegisWeb3 revealed that scammers amassed about 3,234 ETH (worth over $6 million) from fake airdrops in just nine months. Between August 2022 and May, these fraudulent schemes deceived 14,605 people.

April was a particularly troublesome month for the crypto community, with scammers and hackers swindling over $103 million from investors and projects. Some notable instances include the loss of $25.4 million due to the exploit of MEV trading bots, a hot wallet exploit costing Bitrue exchange $22 million, and the hack of South Korean GDAC exchange leading to a $13-million loss. According to a report by crypto security and auditing company Certik, around $74.5 million fell to crypto and DeFi exploits in April alone.

This sobering reality highlights the importance of security in the blockchain and cryptocurrency markets. Scams and hacks are impossible to eliminate completely, but by staying vigilant and following best practices, individuals and organizations can minimize their chances of falling prey to such schemes.

Source: Cryptonews

Sponsored ad