A cryptocurrency investor has lost $32 million in a phishing attack with an infamous Inferno Drainer tool. The incident occurred on September 28, 2024.
It was first reported by blockchain security firm ScamSniffer on social media platform X.
The victim lost 12,083 wrapped ether tokens (spWETH). These tokens are linked to the Spark decentralized finance protocol. Their current value is approximately $32.4 million.
Blockchain intelligence firm Arkham identified the attack method. The scammer used Inferno Drainer, a notorious scam-as-a-service tool. This software creates fake versions of popular DeFi applications and tricks users into signing malicious transactions.
Inferno Drainer has a significant history of theft. A Dune Analytics dashboard by ScamSniffer shows it has stolen over $215 million from more than 200,000 victims. The service's operators allegedly take a 20% commission on stolen tokens.
The tool was thought to be defunct. Its developers shut it down in November 2023. However, it resurfaced in May 2024. The new version claimed improved features and wider blockchain support.
The victim's identity remains unconfirmed. Blockchain investigator ZachXBT noted transactions linking the compromised wallet to a whale known as CZSamSun. This is not the same as the Paradigm researcher @samczsun on X.
The victim has offered a reward. A message from the compromised wallet promises 20% for the return of stolen funds. The alleged scammer has not responded.
LookOnChain, a blockchain analytics firm, advised caution. They urged users to avoid unfamiliar links and verify all transactions before signing. This can help prevent similar attacks.
In a related development, a fake wallet app has caused further losses. The app, masquerading as WalletConnect, stole $70,000 from users, targeting mobile users exclusively, a first of its kind according to researchers.
Check Point Research uncovered the scam. The malicious app deceived over 10,000 users into downloading it and exploited common web3 user frustrations to market itself as a solution.
These incidents highlight ongoing security risks in the cryptocurrency space. Users are advised to remain vigilant and verify all transactions carefully.