Inferno Drainer, a new phishing scam, has reportedly pilfered about $6 million in cryptocurrencies and NFTs in weeks.
Inferno Drainer has emerged as a significant player in the domain of phishing scams, making off with nearly $6 million in various cryptocurrencies and Non-Fungible Tokens (NFTs) within a few weeks. The insidious software targets prominent projects on leading blockchains, leaving no stone unturned in its pursuit of digital wealth.
Scam Sniffer Sheds Light on Inferno Drainer’s Operations
Scam Sniffer, a platform dedicated to exposing scams, reported that Inferno Drainer, a malicious software provider, has links to scams worth several millions. The security firm achieved this by meticulously examining both on-chain and off-chain data across multiple blockchains including Ethereum, Arbitrum, and BNB Chain.
Scam Sniffer found nearly 4,888 victims, losing collectively more than $5.9 million in cryptocurrencies and NFTs. The report also highlighted that the scam siphoned off approximately 1,699 ETH, which were then scattered across five different addresses, each containing between 300 and 400 ETH.
A Suspected Inferno Drainer Member Sheds Light on Operation
The breadth of these scams came into the spotlight when a suspected member of Inferno Drainer, known as “Mr Inferno”, infiltrated a Scam Sniffer’s Telegram group. This intrusion led to the unearthing of a website advocating the scammer’s services. The website offered a Web3 malicious website scanning service for platforms, thereby helping to uncover numerous deceitful websites.
Inferno Drainer reportedly earns by charging 20% to 30% of the swindled assets in return for their malicious software. This software aids in the fabrication of fraudulent websites. Since March 27, Inferno Drainer has reportedly set up nearly 689 phishing websites. However, Scam Sniffer suggests that the operations could have started before this date based on the on-chain activity.
Inferno Drainer: Malware-as-a-Service
Inferno Drainer operates as a ‘malware-as-a-service’ offering, providing both the malicious software and site hosting while charging a percentage of the stolen amount. The most significant loss experienced by a victim was close to $400,000 in assets. This victim, in an attempt to recover some of the stolen assets, proposed that the scammer keep 50% of the stolen goods.
Last month, Scam Sniffer identified a similar ‘Scam as a Service’, Venom Drainer, which drained $27 million from 15,000 victims. The top five victims lost a staggering $14 million in total. Venom Drainer created 530 phishing sites, targeting approximately 170 brands.
Crypto Ecosystem Brands Under Threat
Well-known brands in the crypto ecosystem, including Pepe, Collab.Land, zkSync, MetaMask, and Nakamigos, have fallen prey to these scammers. The fraudsters have used approximately 220 brands to dupe users.
Despite the bearish market, crypto scams are on the rise. In fact, 2022 marked the highest year on record for crypto fraud, with 120 separate incidents reported, a 28% increase from the previous year. However, the total value lost in 2022 was less than half of that in 2021, attributed to the bear market. As per a recent study, decentralized finance (DeFi) breaches are now the most prevalent type of crypto attack.
As we navigate the vast landscape of the crypto world, vigilance and awareness are crucial in avoiding falling victim to these increasingly sophisticated phishing scams.