A scam-as-a-service company has siphoned off approximately $6 million worth of crypto assets from unsuspecting users.
According to a report from Web3 scam-detecting firm Scam Sniffer, a scam vendor dubbed “Inferno Drainer” has stolen $5.9 million in assets from 4,888 victims across 689 phishing websites targeting popular projects since the start of the year.
The report detailed that Inferno Drainer specializes in multi-chain scams and provides ready-to-go code to scammers in return for 20% of the stolen assets.
“By analyzing the associated data on the Mainnet, Arbitrum, BNB, and other chains, we found them has stolen about $5.9 million in assets and have nearly 4,888 victims so far!”
The scam was discovered after a Twitter user who goes by the name of 0xSaiyanGod, also known for their interest in security matters, stumbled upon a promoter of the scam service while browsing the Scam Sniffer Telegram channel.
Upon reporting the scammer to the channel, the security service initiated an investigation.
Scam Sniffer then uncovered a screenshot evidencing a $103,000 transaction made through a phishing scam that utilized a Permit2 exploit, which takes advantage of a simplified version of the token approval process.
With the transaction hash in hand, the Scam Sniffer team went on to search for the exploiter’s address, which was eventually discovered.
The address was linked to over 689 phishing websites created since March 27, amounting to more than $5.9 million stolen across various networks, including Ethereum, Arbitrum, Polygon, and BNB Chain.
The report further noted that one of the biggest victims has lost $400,000 worth of assets.
“By analyzing the on-chain funds collection addresses, it is estimated that there were approximately 1,699 ETH stolen and distributed among these 5 large addresses,” the report said, adding that they keep around 300 to 400 ETH in each address.
Crypto Scams and Hacks Continue to Take Victims
A recent report by AegisWeb3 has revealed that crypto scammers made around 3,234 ETH, worth over $6 million, from fake airdrops in the past nine months.
The report showed that between August 2022 and May, the scammers defrauded 14,605 people through their fake token claim scams.
It is worth noting that April was marred by a series of crypto scams, hacks, and exploits that saw over $103 million of funds stolen from unsuspecting investors and projects.
Some of the more notable hacks in the month include the loss of $25.4 million due to the exploit of MEV trading bots, $22 million stolen in a hot wallet exploit from Bitrue exchange, and the hack of South Korean GDAC exchange leading to a loss of $13 million, according to a report by crypto security and auditing company Certik.
Furthermore, around $74.5 million was lost to crypto and DeFi exploits in April, making up half of the total $145 million exploited in the first four months of the year.