TLDR:
Scam Sniffer’s investigations link numerous phishing attacks to Inferno Drainer, a prolific multichain fraud vendor that charges a fee of 20% of the pilfered assets.
As of now, a sum of $5.9 million has been siphoned off across multiple chains, affecting nearly 4,888 victims.
Frauds masquerading as legitimate services are becoming alarmingly commonplace in the crypto space.
Cybercrime is a continually evolving beast, with the latest entrant being Inferno Drainer, responsible for massive financial thefts and privacy violations. Inferno Drainer, a phishing scam notorious for depleting victims’ assets, has recently been thrust into the crypto limelight.
This ingenious “fraud-as-a-service” scheme has already expropriated a staggering $5.9 million since March, highlighting the critical need for heightened alertness and strong security protocols.
Behind the Mask of Inferno Drainer
Inferno Drainer, shrouded in secrecy and operating within the shadowy corridors of the dark web, is quickly becoming infamous. The group orchestrating this fraud-as-a-service operation remains enigmatic, utilizing high-tech methods to elude the radar of law enforcement bodies and cybersecurity professionals.
Web3 scam-detection company, Scam Sniffer, reports that Inferno Drainer, a new fraud-as-a-service, has purportedly swindled almost $6 million from unwary crypto users. The service claims to supply scammers with ready-to-deploy code to facilitate crypto theft, charging a 20% commission on the stolen assets.
Inferno Drainer primarily employs sophisticated phishing techniques. The scam involves mimicking trusted websites, like banking gateways or crypto exchanges. Victims are tricked into revealing their sensitive login details and personal data, which are subsequently exploited by the fraudsters.
Unmasking the Fraud
The scam service was unearthed by security enthusiast and pseudonymous Twitter user 0xSaiyanGod. After encountering a promoter of Inferno Drainer on the Scam Sniffer Telegram channel, 0xSaiyanGod alerted the channel, sparking an investigation.
Scam Sniffer identified a screenshot of a $103,000 drain transaction facilitated by a Permit2 exploit, a variant of a phishing scam that manipulates the token approval process. A hunt for the transaction hash in the screenshot led the team to the fraudster’s address, linked to over 689 phishing sites created since March 27. These sites had collectively stolen $5.9 million from victims across various networks, including Ethereum, Arbitrum, Polygon, and BNB Chain.
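For defenders, a Permit2 approval reaches the wallet as an EIP-712 typed-data signing request, which can be inspected before the user signs. The following is an added example, not code from Scam Sniffer or the original article: it flags requests that grant an unlimited or long-lived allowance to a spender outside an allowlist. The allowlist, the 30-day limit, the function name and all sample addresses are constructed assumptions.

```javascript
// Added example: audit a Permit2 (EIP-712) signing request before it is signed.
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"; // canonical Permit2 contract
const MAX_UINT160 = (1n << 160n) - 1n;      // Permit2 "unlimited" allowance
const MAX_LIFETIME = 30n * 24n * 3600n;     // assumed policy: 30 days, in seconds

function auditPermit2Request(typedData, trustedSpenders, nowSeconds) {
  const domain = typedData.domain || {};
  const msg = typedData.message || {};
  // Only requests addressed to the Permit2 contract are in scope here.
  if (domain.name !== "Permit2" ||
      String(domain.verifyingContract).toLowerCase() !== PERMIT2) return [];
  if (!["PermitSingle", "PermitBatch"].includes(typedData.primaryType)) {
    return ["unhandled Permit2 type " + typedData.primaryType + ": review manually"];
  }
  const findings = [];
  const spender = String(msg.spender).toLowerCase();
  if (!trustedSpenders.map((s) => s.toLowerCase()).includes(spender)) {
    findings.push("spender " + spender + " is not on the allowlist");
  }
  // PermitSingle carries one details object, PermitBatch an array of them.
  for (const d of [].concat(msg.details || [])) {
    if (BigInt(d.amount) === MAX_UINT160) {
      findings.push("unlimited allowance on token " + d.token);
    }
    if (BigInt(d.expiration) - BigInt(nowSeconds) > MAX_LIFETIME) {
      findings.push("allowance on token " + d.token + " valid for more than 30 days");
    }
  }
  return findings;
}

// Constructed sample request (placeholder token and spender addresses).
const NOW = 1700000000;
const TRUSTED = ["0x3333333333333333333333333333333333333333"];
const suspicious = {
  primaryType: "PermitSingle",
  domain: { name: "Permit2", chainId: 1,
            verifyingContract: "0x000000000022D473030F116dDEE9F6B43aC78BA3" },
  message: {
    details: { token: "0x1111111111111111111111111111111111111111",
               amount: MAX_UINT160.toString(),
               expiration: String(NOW + 365 * 24 * 3600), nonce: "0" },
    spender: "0x2222222222222222222222222222222222222222",
    sigDeadline: String(NOW + 3600),
  },
};
console.log(auditPermit2Request(suspicious, TRUSTED, NOW));
```

An empty result only means none of these three checks fired; it does not establish that a request is safe to sign.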
Scam Sniffer compiled the corroborating data into a Dune analytics dashboard. Inferno Drainer, per reports, promotes its “service” to hackers for a 20% cut of their proceeds. It also offers to construct phishing sites for a 30% fee but exclusively for “good customers or people with big potential.”
As of now, around $5.9 million has been stolen across different chains, victimizing approximately 4,888 individuals. The Mainnet accounts for $4.3 million, Arbitrum for $0.79 million, Polygon for $0.41 million, and BNB for $0.39 million.
An evaluation of the on-chain funds collection addresses suggests that about 1,699 ETH was filched and divided amongst five main addresses, each holding a balance of roughly 300-400 ETH.
The crypto community has been grappling with an influx of services-as-scams. A similar service, “Monkey Drainer,” was uncovered by ZachXBT in October, having stolen at least $1 million in ETH before shutting down in March. Earlier, Scam Sniffer brought to light a comparable “Scam as a Service” called Venom Drainer, which swindled $27 million from 15,000 victims. It had created 530 phishing sites targeting about 170 brands.