Cryptocurrency-related thefts are unfortunately common in the decentralized finance (DeFi) sector and the world of non-fungible tokens (NFTs). However, a new and alarming trend has emerged with the rise of a sophisticated crypto phishing service called Inferno Drainer. This scam-as-a-service operation has quickly gained notoriety for its ability to drain victims’ resources, having already stolen a staggering $5.9 million since March. The prevalence of such scams highlights the urgent need for increased vigilance and robust security measures in the crypto community.
Operating in the shadows of the dark web, the group behind Inferno Drainer remains elusive and employs advanced techniques to evade detection by law enforcement agencies and cybersecurity experts. This anonymity adds to the challenge of combating their malicious activities.
How does Inferno Drainer operate?
According to reports from Scam Sniffer, a web3 scam-detection firm, Inferno Drainer operates by offering ready-to-use code that enables scammers to steal cryptocurrencies in exchange for a 20% share of the ill-gotten gains. The service primarily focuses on multi-chain scams and boasts a vast network of over 689 phishing websites. These websites target various prominent crypto and NFT projects, including Pepe, Bob, MetaMask, OpenSea, Collab.Land, LayerZero Labs, and many others.
The operating method of Inferno Drainer revolves around sophisticated phishing tactics. The scammers create convincing replicas of well-known websites, such as banking portals and cryptocurrency exchanges, to trick unsuspecting victims into revealing their sensitive login credentials and personal information. Once scammers obtain this valuable data, they exploit it to access and drain the victims’ digital assets.
The discovery of Inferno Drainer came to light when a suspected user of the service, known as “Mr. Inferno,” appeared in Scam Sniffer’s Telegram group. This led to the exposure of websites promoting scamming services and further investigation into the extent of the operation.
Scam Sniffer conducted a thorough analysis of both on-chain and off-chain data to assess the impact of Inferno Drainer. The findings revealed that the service primarily targeted popular blockchains, including the Ethereum mainnet, Arbitrum, BNB Chain, and Polygon. The total amount stolen through Inferno Drainer thus far is estimated to be $5.9 million, with $4.3 million stolen from the Ethereum mainnet, $790,000 from Arbitrum, $390,000 from BNB Chain, and $410,000 from Polygon.
Inferno Drainer not only provides the tools and infrastructure for scammers but also operates on a revenue-sharing model. The service charges 20% of the stolen crypto assets as a fee for using its scamming software. Sometimes, it even offers to create customized phishing sites for clients, with the cost rising to 30%. However, due to high demand, Inferno Drainer selectively provides its phishing services to what it deems “good customers,” or those who have proven their potential to generate substantial profits.
The Impact of Inferno Drainer Crypto Scam
The impact of Inferno Drainer has been devastating, with approximately 4,888 victims falling prey to the scams orchestrated through the service. One victim reported losing $400,000 worth of assets and attempted to negotiate with the perpetrators by offering them 50% of the amount to avoid legal prosecution. However, these attempts were futile as the scammers ignored the victim’s messages.
The threat actors behind Inferno Drainer have utilized five cryptocurrency addresses, currently holding between 250 and 400 ETH each, to distribute the funds collected from their illicit activities. By maintaining funds across multiple addresses, they aim to obfuscate their activities and make tracking and recovery efforts more challenging.
How to Avoid Being Scammed?
Given the ever-evolving nature of cryptocurrency scams, cryptocurrency holders must remain vigilant and adopt strong security measures to protect their digital assets. Some recommended practices include treating incoming messages with skepticism, verifying the sender’s identity, utilizing multi-factor authentication, keeping software up to date, and refraining from disclosing personal information online.
Additionally, hardware “cold” wallets, which store cryptocurrencies offline and separate from the internet, provide an extra layer of security. By keeping their assets offline, users can mitigate the risk of falling victim to phishing attacks or having their funds drained through other malicious means.
The rise of Inferno Drainer serves as a stark reminder of the constant threat faced by individuals and organizations operating in the crypto space. Cooperation between the crypto community, law enforcement agencies, and cybersecurity experts is crucial to combating such scams effectively. Only through collective efforts can we work towards creating a safer and more secure environment for cryptocurrency users worldwide.
And finally, if you fall victim to any fraudulent crypto brokers or fake exchanges, contact our CipherTrace analysts. We can assist with tracking and tracing your digital coins and collecting evidence for the legal procedure. Book a free consultation today!