Lost 2.34M in a Phishing Scam (Inferno Drainer)

A look inside the Phishing Wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2

A few days ago a victim lost over 2.34M in the SUPER token. I learn something new everyday and this token is apparently named after the SuperVerse.

Before getting phished, the victim was a top 10 bag holder of SUPER.

This is yet another case of the CREATE2 function getting exploited. CREATE2 is the phishing transaction signed and allows the scammer to transfer all tokens, including every sh*tcoin under the sun.

  • Phishing Wallet – 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2
  • Victim – 0xc9F304EFe0acC225408797D58A53dfd6A29CD83C

What is CREATE2

Above is an image by Scam Sniffer

The CREATE2 opcode predicts the address of a contract before it's deployed on the blockchain. The scammer generates fresh wallet addresses for each malicious signature.

Once the victim falls into the trap, the scammer creates a contract that transfers all of the user's assets, bypassing most security checks.

In this instance, the main method this wallet drainer finds its victims is by sending fake airdrop links through Twitter.

Where did the Funds Go?

A look at the funds of the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2. Currently it sits on a balance of 2.2M ETH.

Always follow the money! This one still has a chance at recovery.

At the time of the writing, most of the funds are still sitting in the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2. The scammer swapped all of the SUPER tokens to ETH where the value currently sits at about 2.2M

I looked at the outflow of the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2. I didn't see any intermediary, deposit addresses, or mixers used. A few txns went into the Market Marker Proxy wallet and the trading firm Tokka Labs.

I did notice a few txns go to the Market Maker Proxy wallet of – 0x807cF9A772d5a3f9CeFBc1192e939D62f0D9bD38. I traced the timestamps to a Binance Deposit address. It appears to be an institutional deposit address.

Binance Deposit – 0x1a847b0d11120b8510EDCD3C81c4E4249460330A

Wallet of Interest

Whenever I investigate a phishing scam I like to take a look at who potentially could be involved. You'd be surprised at the breadcrumbs left behind.

I did notice the wallet that funded the phishing wallet looked a bit sus.


Starting from the bottom, these are first 6 txns of the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2. 0x43d7A580F4433Fa32195d7fC31f4D132862D63BB was the funder with the 14K in Rollbit token.

I covered up my label to protect the innocent (maybe!).

0x43d7A580F4433Fa32195d7fC31f4D132862D63BB could potentially be a victim. I looked at the txn and did notice a multicall function was used with the Inferno Drainer contract.

Above is the multicall function used between 0x43d7A580F4433Fa32195d7fC31f4D132862D63BB and the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2.

Again most of the stolen funds are still sitting in the phishing scammer's wallet. This one is on my watch list to see where the scammer goes with the funds next.

Stay safe out there and beware of this tricky phishing scams!

reddit imagereddit imagereddit imagereddit imagereddit imagereddit image

35 thoughts on “Lost 2.34M in a Phishing Scam (Inferno Drainer)”

  1. Hello jbtravel84. It looks like you might have found a new scam? If so, please report this scam by crossposting to r/CryptoScams, r/CryptoScamReport, or visiting scam-alert.io. For tips on how to avoid scams, click here.

    I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  2. moral of the story?

    Stay away from Twitter and discord. Buy Bitcoin. Stop participating in shitdrops

  3. cant happen with MultiversX chain. Guardian protects every single transaction and seed phrase with 2FA 😉

  4. I want to ask a queen about phishing but I might slaughter words. So please bear with me here.

    If you fall for a phishing scam, does it get access to all your different crypto, like shitcoin, ETH, BTC, etc., or do you have to grant access to each separately?

  5. The amount of people connecting their wallets to random website just to get airdrops is Insane

  6. LPT: if you want to hunt for airdrops, don’t use your main wallet. It’s safer to make new wallet on a different browser with minimum eth or any other tokens just enough for gas fees.

  7. Damn bro you do this shit all yourself, you got knowledge that many don’t, shit has value.

  8. What a great blockchain Eth that allows this type of things. Is this the future of finance?

  9. If I understood this correctly, it basically means that the hacker got access through phishing then used smart contract to transfer all the money since it can bypass security measures. Right??

  10. I’m genuinely curious. How hard would it be to add a warning on certain wallet transactions. “This transaction will transfer all your owned tokens to a third party” ?

  11. Hahahahaha I have no sympathy for these clowns that get scammed. It’s their own fault. Idiots.

  12. Another reminder to all the newbies here: CEX like coinbase are infinitely safer than defi and self custody. Just make sure you have all security functions turned on.

  13. All this means nothing to me other than scammers are bloody smart. Who trawls through and finds these exploits.

  14. I sometimes put on my tinfoil hat and wonder if institutions like Blackrock are sponsoring this sort of activity, to scare people and drive them to “safe” investment vehicles like ETF’s.

    No, I’m not serious. But it does illustrate why some people who want exposure to BTC would prefer not to have to look after their own security.

  15. Can you describe more in depth what is the workflow of the hack?

    Analysing the victim’s wallet I see 2 interesting transaction the approval increase and the transfer.

    The approval is only for super token how would create2 allow to transfer all tokens (it would need an approval transaction signed for every token no ?)

    In my workflow i sign every transaction with a hardware wallet doesn’t help that much when transaction data is obfuscated but at least it makes it easy to realise when you are actually signing transactions vs (connecting dapp etc,…)

  16. Imagine having over 2M in some crazy shit nobody has ever heard of, and instead of taking the money and running and be set for life, just leave it there because… reasons?

    Pigs get slaughtered lol

  17. This Fake_Phishing address caught me with a malicious contract too, only €150 worth of a coin that would be worth about €700 to me now had it not been drained.

  18. Crypto will never become money until security issues like this can be addressed. Wide spread adoption is impossible.

Comments are closed.