On October 14, a cryptocurrency trader suffered a significant loss of over $1.28 million in digital assets after signing a malicious transaction related to a phishing attack from late September.
Inferno Drainer: The Toolkit Behind the Attack
According to blockchain intelligence firm Arkham, the attack was likely executed using the phishing-as-a-service toolkit known as Inferno Drainer. This toolkit has been responsible for facilitating the theft of hundreds of millions of dollars.
Details of the Phishing Attack
The victim’s wallet, identified as “0xb0b..40c7,” was drained of 108 billion PEPE, 73.8 million APU, and 165,000 MSTR tokens. The loss occurred after the trader unknowingly signed a phishing permit transaction, allowing the scammers to gain control of the wallet.
In this type of scam, known as an “approval phishing attack,” scammers use the signed transaction to transfer assets from the victim’s wallet. In this case, the stolen funds were transferred across six different transactions to addresses controlled by the attackers.
One of the wallets, labeled “Fake_Phishing442846,” was previously linked to a phishing scam two weeks earlier, in which over $32 million worth of spWETH tokens were stolen.
The Mechanics of Inferno Drainer
Inferno Drainer allows criminals to create fake websites and applications, tricking users into granting them control over their wallets. The service operates on a subscription model, charging 30% for phishing website creation and 20% for each successful scam.
Despite announcing a shutdown in November 2023, Inferno Drainer resurfaced in May 2024, driven by increased demand. The toolkit has stolen over $237 million from more than 200,000 victims, according to Dune analytics.
Over $127 Million in Cryptocurrency Stolen in Q3 2024
Phishing attacks remain a significant threat to cryptocurrency investors. Chainalysis estimates that since 2021, over $2.7 billion has been lost due to phishing scams.
In Q3 2024 alone, over $127 million in cryptocurrency was stolen, with September accounting for $46 million of the total. According to Web3 security firm Scam Sniffer, approximately 10,800 individuals fell victim to phishing attacks in September.
The largest incident occurred on September 28, when a permit phishing attack drained 12,083 spWETH, worth $32.43 million. The primary targets of such attacks include Ether, as well as other cryptocurrencies like Polygon (MATIC), BNB, and Optimism (OP).
Most phishing attacks originate from malicious links on social media and phishing ads found on Google, posing a significant risk to cryptocurrency investors.
The post Inferno Drainer Claims Another Victim: $1.28M Lost in PEPE and Altcoins appeared first on Cryptonews.
