In a recent alarming incident, a scam-as-a-service company has managed to defraud users of approximately $6 million worth of cryptocurrency assets. According to Scam Sniffer, a leading web3 scam-detecting firm, a fraudulent vendor named “Inferno Drainer” has orchestrated a series of thefts, targeting unsuspecting victims through 689 phishing websites associated with popular projects.
A recent report has exposed “Inferno Drainer,” that has successfully swindled approximately $6 million worth of crypto assets from unsuspecting users. The report, provided by Scam Sniffer revealed that Inferno Drainer specializes in multi-chain scams and collaborates with scammers by offering them ready-to-use code in exchange for 20% of the stolen assets.
The investigation into the scam began when a vigilant Twitter user, known as 0xSaiyanGod, encountered a promoter of the scam service in the Scam Sniffer Telegram channel. The user promptly reported the scammer, leading Scam Sniffer to launch a thorough investigation.
During the investigation, Scam Sniffer discovered a screenshot that provided evidence of a $103,000 transaction conducted through a phishing scam that exploited a vulnerability known as Permit2. This exploit takes advantage of a simplified version of the token approval process.
Armed with the transaction hash, the Scam Sniffer team traced the exploiter’s address, which ultimately led them to uncover more than 689 phishing websites created since March 27. These websites collectively facilitated the theft of over $5.9 million across various networks, including Ethereum, Arbitrum, Polygon, and BNB Chain.
The report highlighted one particularly significant victim who suffered a loss of $400,000 worth of assets. It further estimated that approximately 1,699 ETH had been stolen and distributed among five major addresses linked to the scam, each containing around 300 to 400 ETH.
This incident underscores the persistent threat of crypto scams and hacks. According to a recent report by AegisWeb3, crypto scammers have fraudulently obtained around 3,234 ETH, equivalent to over $6 million, through fake airdrop schemes over the past nine months. These scams targeted 14,605 individuals seeking to claim fake tokens.
April witnessed a surge in crypto-related scams, hacks, and exploits, resulting in over $103 million in funds being stolen from unsuspecting investors and projects.
Notable incidents included the exploit of MEV trading bots, leading to a loss of $25.4 million, a hot wallet exploit that drained $22 million from the Bitrue exchange, and a hack in the South Korean GDAC exchange resulting in a loss of $13 million, as reported by Certik, a crypto security and auditing company.
In total, crypto and DeFi exploits in April amounted to approximately $74.5 million, accounting for half of the $145 million exploited during the first four months of the year.
