Cryptocurrency-related thefts are common among decentralised finance (DeFi) platforms and NFT projects. However, what is relatively unheard of is a crypto phishing service. In a recent incident, a fully-fledged scam service provider, called Inferno Drainer, was found to facilitate multi-chain scams while taking a cut of the stolen assets.

According to Scam Sniffer, a web3 scam detecting firm, this notorious scam vendor has already stolen about $5.9 million in assets and targeted at least 4,888 victims. Let's have a closer look.

How Inferno Drainer pulls scams

Inferno Drainer is a malicious software provider that specialises in executing multi-chain scams. Since March 27, it has facilitated over 689 phishing websites, targeting several popular crypto and NFT projects.

In turn, these phishing websites have targeted more than 220 projects, including Bob, PEPE, zkSync, ChainGPT, Sui, Collab.Land, PUYSPOP, Floki, LayeZero, Scroll, Lens Protocol, MetaMask, Optimism, Blur, and others.

An analysis of on-chain and off-chain data showed that Inferno Drainer has mainly targeted blockchains Arbitrum, BNB Chain, Ethereum, and Polygon. Meanwhile, bad actors utilizing this scam vendor have stolen about 1,699 ETH, which has been distributed among five different addresses, each holding between 300 to 400 ETH.

According to reports, the total amount stolen through Inferno Drainer to date is $5.92 million. Out of this, funds stolen from the Ethereum mainnet accounted for $4.3 million, Arbitrum for $0.79 million, BNB for $0.39 million, and Polygon for $0.41 million.

The phishing service came to light when a suspected user of Inferno Drainer, called "Mr. Inferno," appeared in Scam Sniffer's Telegram group. This led to the discovery of websites promoting scamming services.

Scam Sniffer also revealed that Inferno Drainer charges 20 percent to 30 percent of the stolen crypto assets in exchange for their scamming software, which is used to develop fraudulent websites.

In essence, Inferno Drainer is a malware-as-a-service product that provides software for hosting malicious sites and charges users based on the amount stolen.

Another similar scam service provider, called Venom Drainer, has also made headlines for all the wrong reasons. As per reports, it has carried out large-scale scams that have drained $27 million from 15,000 victims. Among these victims, the top 5 have lost a total of $14 million. It was found that Venom Drainer has targeted about 170 brands through its 530 phishing websites to date.

Crypto-related hacks are easing, but you should be on your toes

According to recent findings from Crystal Blockchain, 2022 was the worst year on record for crypto fraud, with 120 reported incidents, representing a 28 percent increase compared to 2021.

Meanwhile, a separate study conducted by TRM labs found that hackers stole around $400 million in about 40 crypto attacks during the first three months of 2023, which is a 70 percent decrease compared to the same period in 2022.

Additionally, the average size of hacks decreased from $30 million in Q1 2022 to $10.5 million in Q1 2023. While these figures may provide some relief to the crypto community, the reduced amount still represents a significant loss. It is possible that this decrease is only temporary since new types of scams continue to emerge in the crypto landscape.

Conclusion

Security measures on cryptocurrency-based platforms are not completely fool-proof and the space is not new to thefts and scams. However, what is worrying is that fraudsters are devising intricate methods each day to steal funds.

For example, Ethereum validators recently stole $25 million in crypto through a sandwich attack using an MEV bot. These sandwich attacks exploit vulnerabilities in smart contracts. Alongside this blockchain attack, the "airdrop phishing scam" has also become prevalent in recent times. Therefore, to be as safe as possible, it is critical to remain aware and knowledgeable about these new types of fraud and attacks.