- Scam Sniffer discovered a $103,000 drain transaction carried out using a Permit2 exploit
- Scam Sniffer determined that a total of 4,888 victims collectively lost over $5.9 million in cryptocurrencies and NFTs
According to Scam Sniffer, a Web3 scam-detecting firm, a new scam service called “Inferno Drainer” has reportedly swindled nearly $6 million from unsuspecting cryptocurrency users. The service claims to provide ready-to-use code to scammers, enabling them to steal crypto assets. In return, Inferno Drainer takes a 20% share of the stolen funds.
The discovery of Inferno Drainer began when a pseudonymous Twitter user known as 0xSaiyanGod encountered a promoter of the service in the Scam Sniffer Telegram channel. Sensing something amiss, SaiyanGod promptly reported the scammer to the channel, leading to an investigation by the security service.
During the investigation, Scam Sniffer unearthed a screenshot that exposed a $103,000 drain transaction carried out using a Permit2 exploit—a type of phishing scam that capitalizes on a simplified version of the token approval process.
By tracing the transaction hash, Scam Sniffer managed to identify the exploiter’s address. It was discovered that this address had been linked to over 689 phishing websites created since March 27, siphoning off a staggering $5.9 million from victims across different networks like Ethereum, Arbitrum, Polygon, and BNB Chain.
Analyzing both on-chain and off-chain data, Scam Sniffer determined that a total of 4,888 victims collectively lost over $5.9 million in cryptocurrencies and NFTs. The scammers managed to steal and distribute approximately 1,699 ETH across five different addresses, each holding between 300 and 400 ETH.
Further revelations came to light when a suspected member of Inferno Drainer, going by the name “Mr Inferno,” surfaced in a Scam Sniffer Telegram group. This led to the discovery of a website promoting the scammer’s services. Described as a “malware-as-a-service” product, Inferno Drainer offers not only the malicious software but also the hosting of fraudulent websites. The scammers charge a percentage based on the amount stolen.
Among the victims, one individual had suffered the greatest losses, with nearly $400,000 worth of assets stolen. In an attempt to salvage some of their funds, the victim proposed allowing the scammer to keep 50% of the stolen goods.
Inferno Drainer is not an isolated case. Previously, Scam Sniffer had identified another “Scam as a Service” scheme known as “Venom Drainer.” This particular scam drained $27 million from 15,000 victims, with the top five victims collectively losing $14 million.
The scammers targeted well-known brands within the crypto ecosystem, such as Pepe, Collab.Land, zkSync, MetaMask, and Nakamigos. Overall, it is believed that around 220 brands were used to deceive users.
Despite the ongoing bear market, cryptocurrency scams continue to proliferate. Crystal Blockchain’s recent study revealed that 2022 witnessed a record number of 120 crypto fraud incidents, representing a 28% increase compared to the previous year.
However, the total value lost in 2022 was less than half of that in 2021 when crypto scams amounted to a staggering $4.6 billion. Notably, decentralized finance (DeFi) breaches have emerged as the most common type of crypto attack, as per the study’s findings.