Inferno Drainer Claims Another Victim: $1.28M Lost in PEPE and Altcoins

Last updated:

Journalist

Hassan Shittu

Journalist

Hassan Shittu

About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in…

Last updated:

Why Trust Cryptonews

With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews

A cryptocurrency trader lost over $1.28M in digital assets on October 14 after signing a malicious transaction associated with a phishing attack in late September.

According to blockchain intelligence firm Arkham, the attack was likely carried out using Inferno Drainer. The phishing-as-a-service toolkit has been responsible for hundreds of millions of dollars in stolen funds.

Phishing Attack Linked to Inferno Drainer Scam Service: How Did Victim Lose $1.28M?

The investor’s wallet, identified as “0xb0b..40c7,” was drained of 108 billion PEPE, 73.8 million APU, and 165,000 MSTR tokens after being tricked into signing a phishing permit transaction.

The method used in the attack is known as an “approval phishing attack,” which allows scammers to gain control of a victim’s wallet and transfer assets.

In this case, the stolen funds were moved across six transactions and distributed to multiple addresses controlled by the attackers.

One of the wallets involved, “Fake_Phishing442846,” was linked to another phishing attack just two weeks earlier, in which over $32 million in spWETH tokens were stolen.

The phishing toolkit enables criminals to create fake websites and applications, tricking users into granting control of their wallets.

Inferno Drainer operates on a subscription model, charging scammers 30% for creating phishing websites and an additional 20% for each successful attack. According to Dune analytics data, the toolkit has facilitated the theft of over $237 million from more than 200,000 victims to date.

Although the developers announced plans to shut down Inferno Drainer in November 2023, the toolkit resurfaced in May 2024, driven by renewed demand from scammers.

Over $127 Million in Cryptocurrency Stolen in Q3 2024

Phishing attacks pose a major threat to crypto investors, with a Chainalysis report estimating losses of $2.7 billion since 2021.

A recent high-profile case saw a venture capital fund lose $35 million in fwDETH tokens, causing a 90% drop in the token’s value.

Over $127 million in cryptocurrencies were stolen in Q3 2024 alone, with approximately $46 million lost in September. Web3 security firm Scam Sniffer reported that about 10,800 victims were affected by phishing attacks that month.

The largest incident occurred on September 28, when a permit phishing attack drained 12,083 spWETH, worth $32.43 million. The primary targets were Ether and other cryptocurrencies like Polygon (MATIC), BNB, and Optimism (OP).

Most phishing incidents stem from malicious links on social media and phishing ads on Google.