According to blockchain security firm ScamSniffer in a post on X, a crypto whale reportedly lost more than $32 million in tokens after falling victim to a malicious transaction that allegedly led to Inferno Drainer.
The loss involved wrapped Ether (spWETH) tokens from the decentralized finance DeFi platform Spark, with 12,083 tokens being drained from the whale’s wallet at a value of about $32.4 million at the time.
Inferno Drainer: The $215M Crypto Scam That’s Back and Bigger
Blockchain intelligence firm Arkham said the malicious transaction led to the Inferno Drainer, a scam-as-a-service operation.
As a scam-as-a-service operator, Inferno Drainer specifically targets users by setting up spoofed versions of famous DeFi applications, fooling the victims into signing control of their wallets over to them. However, these scam operators can’t last forever. In May this year, for example, the creators of Pink Drainer, part of a phishing-as-a-service network alongside platforms, similar to Inferno Drainer, announced the shutdown of their operations after stealing $75 million in crypto from nearly 20,000 victims.
According to the Dune Analytics dashboard courtesy of ScamSniffer, the Inferno Drainer has managed to pilfer over $215 million from more than 200,000 victims in its run.
The operators of the Inferno Drainer scam purportedly take 20% of the stolen tokens. While the service was once shut down by its developers themselves in November 2023, this May it resurfaced and promised new and better services with “new staff, new ways to work, new support and new features.” The scam-as-a-service platform now claims support for 28 blockchains and hundreds of DeFi applications.
Whale CZSamSun Loses Fortune to Phishing Scam
Although the name of the person who lost over $32 million is unconfirmed, blockchain sleuth ZachXBT had tied the affected wallet to a whale named CZSamSun, which is different from X user @samczsun, a Paradigm venture capital firm researcher. Paradigm is famous for fighting with cybercriminals. In April this year, the head of security at Paradigm and a white hat hacker, has unveiled SEAL-ISAC. This new platform is designed to enable the redistribution of important cybersecurity data.
CZSamSun-tied wallet also included the message, through a blockchain, from the wallet belonging to the victim that 20% of the refund amount would be given to the returnee of the coins. Yet, he has not received any response from the Inferno Drainer.
Analytics platform LookOnChain also issued a warning against X:
“To avoid being phished, please don’t click on any unknown links and don’t sign any unknown signatures. Always double-check when signing signatures.”
It is a reminder that with increasingly sophisticated phishing scams within the crypto space, extra caution should go hand in hand with keeping digital assets safe.
How to Protect Yourself from Phishing Attacks
The following practical tips are recommended to avoid such malicious attacks. Anti-phishing software and good antivirus programs should be installed at the outset, as such programs can detect and block such threats. Just for example, recently, n an elaborate social engineering scheme, one Genesis creditor was victimized in a heist that was masterminded by three main persons: Greavys, alias Malone Iam; Wiz, alias Veer Chetal; and Box, alias Jeandiel Serrano.
Regular updates on your devices, and their software, especially email client, phone, and web browser, which have recently become indispensable for dealing with a lot of critical transactions, are worth the price paid against the service.
Employ anti-phishing browser extensions and pop-up blockers to enhance browsing security. Be wary even of those emails that at face value appear to be legitimate, by making sure to double-check URLs and sender addresses before clicking links.
For example, Inferno Drainer employed malicious scripts with spoofs of popular Web3 protocols and fooled owners into connecting their wallets and authorizing transactions that appeared to them for collecting an airdrop. The scammers also advertised their services via a Telegram channel called Inferno Multichain Drainer.
Avoid downloading from unknown sources that may contain harmful code to the system. Be extremely wary of phishing attempts through social media sites and be skeptical of ads online, making sure sources are trustworthy.
Lastly, always allow two-factor authentication when available to add an additional security layer against unauthorized access of your account.
Disclaimer: The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.
By CoinGape
Source: CoinGape
✓ Share: