760K Stolen through Inferno Drainer

A single victim lost about 760K a couple of days ago in wstETH, stETH, and pufETH. This appears to be yet another phishing scam where the victim approved a number of malicious signatures.

  • Victim Wallet – 0x5789A38a3FAcfaa86ED950e88D79a9A2F6140052 – 760K VICTIM
  • Hacker Wallet – 0xA212763d2BdDb0BD704f1df9Ab9F3A6b64ACa633 – 760K Hacker
  • Drainer Wallet – 0xFC4EAA4ac84D00f1C5854113581F881b42b4A745 – 760K Drainer

Usually I like to spend time tracing the funds but all the stolen funds still appear to be in the Hacker's wallet.

I'm not seeing any outgoing txns to any exchanges or intermediary wallets.

0xA212763d2BdDb0BD704f1df9Ab9F3A6b64ACa633 – 760K Hacker is a wallet created on 4/10/24 with about 850K in it and growing!

0xFC4EAA4ac84D00f1C5854113581F881b42b4A745 – 760K Drainer is connected to a number of different scams/hacks. It was created on 3/19/24 and has about 3.1M in the wallet, and also growing!

I have 0xFC4EAA4ac84D00f1C5854113581F881b42b4A745 labeled as a Drainer wallet as it appears to be taking a fee of 10 – 11 % of the stolen assets.

Above is a look inside the outgoing txns of the Victim's wallet. A small portion of the funds automatically get funneled into the drainer wallet.

Inferno Drainer

The wallet address 0xFC4EAA4ac84D00f1C5854113581F881b42b4A745 appears to belong to one of the popular SASS (Scams-as-a-Service) wallet drainers, in this case Inferno Drainer.

Inferno Drainer has been around since Nov 2022 and was built as backend infrastructure to drain victim's cryptocurrency wallets across multiple chains. It quickly become the most popular wallet drainer service in 2023, stealing over 70M+ in crypto.

Typically, 20% of the stolen funds goes to the Inferno Drainer organizers while 80% goes to the Customer (the phishing scammer).

Above is an image on how Inferno Drainer works. A phishing website is created and uploaded with the Inferno Drainer code. Once a victim approves a malicious signature, Inferno Drainer automatically sends 20% to their team and 80% to their client. Image courtesy of GROUP-IB.

Inferno Drainer claims to of shutdown back in Nov 2023 but it appears the code was just updated and a new iteration was launched. Additionally, I noticed the drainer wallet took about 10% of the stolen assets instead of 20%. Maybe this is Inferno Drainer Lite?

For example, 0xFC4EAA4ac84D00f1C5854113581F881b42b4A745 is directly connected with the malicious Smart Contract of 0x0000db5c8B030ae20308ac975898E09741e70000, which has been identified as Inferno Drainer.

All of these transactions are done anonymously and these drainer services operate like businesses. To this day we don't know the operator or operators behind Inferno Drainer. We do know that this scam-as-a-service appears to be profitable for all parties involved, except the victim.

According to some researchers, Inferno Drainer has now stolen funds well over 100M+ across 16,000+ retail victims.

Stay safe out there!

reddit imagereddit image

33 thoughts on “760K Stolen through Inferno Drainer”

  1. Hello jbtravel84. It looks like you might have found a new scam? If so, please report this scam by crossposting to r/CryptoScams, r/CryptoScamReport, or visiting scam-alert.io. For tips on how to avoid scams, click here.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  2. Report this to ChainAbuse. Looks like there was already a report on the drainer address on April 6th.

    I did a trace as well and the funds are dormant.

    I set an alert and will edit this post if I see anything move.

  3. “victim wallet”

    Could as well be a wallet of a project, an exchange, another hacker, the hacker himself…

  4. I have no idea how you guys even get all of that information. I’ve got a lot of things to learn. Nice job though!

  5. Every single instance of people getting robbed for crypto is because of a fatal error the user made, 99% of it is people trying to “outsmart” the system for their own gain, wether it’s people trying to “Wrap” their crypto to save money or touring to “swap” or trying to collect some free airdrop or whatever. Either that or they become overconfident of what they are doing and don’t send a test amount.

    The process is so fucking simple :

    1. buy on exchange.

    2. send from exchange to cold storage

    3. send from cold storage to exchange

    4. sell

    And always, ffs, send a small test amount of $20 – even if the fee is half that or more just test it out.

  6. If people who have been studying this for years get scammed like this, doesn’t that mean we’re still a long way from mass adoption and use?

  7. So where are these drainers placed? Where cannwe find such malicious things? Mind to elaborate?

  8. i really dont understand how people fall for this kind of shit. especially wealthy mfers like above.

  9. The fact that 760K can vanish in seconds and blame the user instead of saying crypto is not safe blows my mind . Yes it’s user fault. But still it shouldn’t be this easy

  10. Did anyone read the article on crypto fraud, written by the guy who set himself on fire outside the Trump trial?

  11. If you accidentally signed some malicious signature, is it ok to just remove it? Want to seek more opinions

  12. Am I at risk of anything like that happening to me if I use a service like unsheth.xzy? Or do these drains happen because the victm interacted with a phishing website?

  13. Use Tezos – the code is safer and the devs are trained to avoid smart contract flaws opentezos.com/smart-contracts/avoiding-flaws

  14. Honest question, would a cold airgapped wallet prevent or make this much harder?

Comments are closed.