Inferno Drainer, one of the most widely used wallet-draining services, has announced that it is shutting down its operations almost immediately.
Inferno Drainer was a service that “helped” bad actors steal funds from other wallets in exchange for between 20% and 30% of the total value of stolen assets, and it suddenly started to pop up on the Scam Sniffer Telegram channel.
The service’s modus operandi was, usually, to clone the websites of projects pointed out by someone who made contact on Telegram. Once the targets fell for it, Inferno’s phishing software would drain the wallet and pay out 80% to the collaborator.
Earlier this year, Scam Sniffer, a Web3 security company, reported that nearly 5,000 people had been targeted by the drainer, resulting in the loss of nearly $6 million.
1/ Inferno Drainer, a scam vendor specializing in multi-chain scams, has stolen $5.9 million in assets from nearly 4,888 victims through over 689 phishing websites targeting popular projects. https://t.co/OEjdzHm2Ls
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 19, 2023
However, this was only the beginning. Scam Sniffer has since revealed that Inferno Drainer assisted in the theft of over $70 million in cryptocurrency from 103,767 victims on several blockchains.
Inferno Drainer announces shutdown after draining over $70M from ~103K victims. pic.twitter.com/8DwtckleiZ
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) November 27, 2023
The admin of the drainer, on the other hand, claims the total amount stolen is actually more than $80 million.
If the malware providers’ figures are correct, the team behind the wallet drainer has gathered about $16 million worth of illicit profit in about half a year.
Inferno Drainer is a “malware-as-a-service” offering that helps malicious actors remove money from cryptocurrency wallets. It has enabled over 689 phishing websites since March 27th, targeting a number of well-known cryptocurrency and NFT projects.
Inferno Drainer Shuts Down
The team behind the wallet drainer announced the permanent closure of their service in a Telegram post on November 26. It said that servers would continue to run to allow users to switch to another platform.
The post’s tone is true to form for hackers, displaying the same gallows humor and sardonic mannerisms often seen in communications with such individuals.
“The end of the craziest journey. Inferno drainer is shutting down. It has been a long ride with all of you and we’d like to thank you from heart. Unfortunately, nothing lasts forever. After +80 millions of $ drained, we decided to shut down, it’s time for us to move on. […] A big thank to everyone who has worked with us such as Drakan and every other customers, we hope you can remember us as the best drainer that has ever existed and that we succeeded in helping you in the quest of making money.”
The post also stated that the service would be closed for good, and anyone pretending to contact users of the service on their behalf would simply be someone attempting to scam them.
Security enthusiast and anonymous Twitter user 0xSaiyanGod stumbled onto the fraud service while perusing the Scam Sniffer Telegram channel, where he came across one of its promoters.
After Saiyan informed the channel about the scammer, the security staff launched an inquiry. Scam Sniffer discovered a snapshot demonstrating a $103,000 drain transaction carried out with a Permit2 exploit. “Permit2 exploits” are phishing schemes that rely on an abridged token approval procedure.
Although Inferno may be gone, competing services remain active and serve as a reminder to practice basic OPSEC whenever interacting with others.
Meanwhile, rumors surfaced earlier this week claiming a Blast protocol founder had connections to Inferno. However, after examining the on-chain data, Loch, a blockchain portfolio analytics company, revealed that there was no real connection between Inferno Drainer and the address of the Blast founder.
We heard rumors that the @Blast_L2 bridge is linked to the Inferno Drainer.
Here's what we found after analyzing the on-chain data.
One of the BLAST founders is connected to a Binance Deposit address that has connections with Inferno drainer. This is correct.
BUT that Binance… pic.twitter.com/YmVN3Xk5VB
— Loch (@loch_chain) November 26, 2023