A cryptocurrency phishing and scam service called ‘Inferno Drainer’ has emerged as a major threat, having illicitly obtained more than $5.9 million worth of cryptocurrency from 4,888 victims. Scam Sniffer, a Web3 anti-scam firm, reported that the phishing operation has created around 689 fake websites since March 27, 2023.
Most of these fraudulent sites were launched after May 14, 2023, indicating a significant increase in site-building activity during that period. Notably, Inferno Drainer’s malicious websites target 229 prominent brands, including Pepe, Bob, MetaMask, OpenSea, Collab.Land, and LayerZero.
Scam Sniffer stumbled upon Inferno Drainer after spotting a member of the group promoting the service on Telegram, sharing a screenshot of a successful $103,000 theft to showcase their capabilities.
By investigating the transaction hash from the screenshot, Scam Sniffer linked it to known malicious addresses in their database. Inferno Drainer specializes in various fraudulent practices, such as multichain fraud, Aave token and Art Blocks draining, and MetaMask token approval exploits.
The authors of this toolkit offer a modern admin panel with customization options and even provide a trial period for potential buyers. Operators pay Inferno Drainer a percentage of their earnings, ranging from 20% to 30% for services involving the creation of phishing sites.
Scam Sniffer’s investigation into Inferno Drainer reveals that the service has been active since February 2023, with an escalation in operational volume occurring from mid-April of the same year.
The majority of the stolen assets, amounting to $4.3 million, were taken from the Mainnet. Additionally, $790,000 was seized from Arbitrum, $410,000 from Polygon, and $390,000 from BNB, resulting in a total of $5.9 million. Victims of this phishing scheme have experienced substantial losses, with one victim alone losing assets worth $400,000.
The victim attempted to negotiate, offering 50% of the amount to avoid legal prosecution, but the attackers ignored the victim’s messages. The funds collected through attack fees are distributed among five cryptocurrency addresses currently holding between 250 and 400 ETH.
In light of these developments, cryptocurrency holders are strongly advised to exercise caution in all transactions, approach incoming messages with skepticism, verify the sender’s identity, employ multi-factor authentication for account protection, and keep software updated.
It is also recommended to refrain from disclosing personal information online and consider using hardware “cold” wallets as the primary storage for digital assets.