It’s likely targeting your favorite crypto projects on the largest blockchains. But what exactly is Inferno Drainer?

Scam Sniffer, a platform specializing in the identification of scams, announced on Friday that the malicious software provider is allegedly linked to thousands of scams resulting in the theft of several million dollars.

By analyzing off-chain and on-chain data on Ethereum, Arbitrum, BNB Chain, and other chains, the security firm identified 4,888 victims who collectively lost over $5.9 million in cryptocurrencies and NFTs.

Total Stolen - By Chain
Hack by chain via Inferno Drainer. Source: Dune.

Approximately 1,699 ETH is reported to have been stolen and distributed across five different addresses, each holding between 300 and 400 ETH.

The extent of these scams was revealed when a suspected Inferno Drainer member named “Mr Inferno” appeared in a Scam Sniffer's Telegram group.  

This led to the discovery of a website promoting the scammer's services. “We have a product that provides Web3 malicious website scanning service for platforms, so we identifiy a lot of malicious websites,” Scam Sniffer explained to Decrypt. “The Telegram channel helped us connect them together.”

The scammer reportedly charges 20% to 30% of the stolen assets in exchange for their malicious software, which is used to create fraudulent websites. 

In total, Inferno is reported to have created nearly 689 phishing websites since March 27. “This is the data we have based on the on-chain activity, but it could have started earlier,” Scam Sniffer told Decrypt

“It can be seen as a ‘malware-as-a-service' product,” they said. “They provide the software and the malicious site hosting, and they charge based on the stolen amount.”

The victim who has suffered the greatest losses is this wallet, which had nearly $400,000 worth of assets stolen. 

According to Scam Sniffer, the victim attempted to negotiate with the scammer, offering to let them retain 50% of the stolen goods.

Last month, a similar type of “Scam as a Service” called Venom Drainer was already identified by Scam Sniffer. It drained $27M from 15k victims, with the top 5 victims losing $14M in total. 530 phishing sites were created, targeting around 170 brands.

Which projects have been targeted?

The scammers targeted some of the most well-known brands in the crypto ecosystem, such as Pepe, Collab.Land, zkSync, MetaMask, and Nakamigos, among others. 

In total, about 220 brands are believed to have been used to deceive users.

Despite the bear market, crypto scams are still frequent. A recent study by Crystal Blockchain revealed that 2022 emerged as the worst year on record for crypto fraud, with 120 separate incidents reported. 

This number represents a 28% increase compared to 2021.

However, the total value lost across all incidents in 2022 was less than half of that in 2021 when the total funds lost in crypto scams reached $4.6 billion. This can likely be chalked up to the ongoing bear market which kicked off last May.

Decentralized finance (DeFi) breaches are now the most common type of crypto attack, according to the same study.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.