ScamSniffer, an anti-scam solution provider for the web3 industry, identified a new threat involving crypto. According to a recent post on the company’s website a scam vendor nicknamed Inferno Drainer has managed to steal $5.9 million in crypto assets from 4,888 victims so far. ScamSniffer provided the estimations after analyzing data on several chains, including Mainnet, Arbitrum, and BNB.
Inferno Drainer specializes in multi-chain scams based on setting up fraudulent websites rigged with malware that phishes for users’ data to drain their wallets. The scammer charges 20% to 30% of the stolen funds. ScamSniffer managed to identify the threat when a member of the Inferno network appeared in the company’s Telegram group with his BIO linking to Inferno’s “official” promotion channel.
One of the channel screenshots indicated a $103 thousand dollar theft based on Permit2 token approval contract. ScamSniffer queried the transaction hash and found the transaction in its database. The transaction was associated with several known addresses in the company’s malicious address database. Further analysis shows that Inferno Drainer has set up nearly 700 phishing websites since March 27, targeting over 220 crypto projects, including Bob, ChainGPT, Collab.Land, Pepe, zkSync, and more.
Below you can find the timeline of the scam and the total stole assets distribution by chain.
Inferno Drainer scam falls into the category of malware-as-a-service (MaaS) or scam-as-a-service, aka fraud-as-a-service, online crime schemes, whereby a bad actor provides paid tools or services, such as software, to enable online theft.
The scam brought to light by ScamSniffer follows another recent MaaS fraud scheme known as Venom Drainer, also unearthed by the same company in April this year. According to ScamSniffer data, total funds stolen in the latter scam exceeded $27 million, with over 15 thousand users affected.