
‘Inferno Drainer’ scam as a service has stolen $5.9M since March: Report

The service provides code to scammers that allows them to drain wallets using token approval phishing methods

A new scam as a service called “Inferno Drainer” has reportedly stolen nearly $6 million from unsuspecting crypto users, according to Web3 scam-detection firm Scam Sniffer. Inferno Drainer reportedly advertises that it provides ready-to-go code to scammers, allowing them to steal crypto in exchange for a 20% cut of the scammer’s crypto “loot.”

The scam service was discovered by security enthusiast and pseudonymous Twitter user 0xSaiyanElite, who happened to come across a promoter of it while browsing the Scam Sniffer Telegram channel. Saiyan reported the scammer to the channel, and the security service began an investigation. Its team found a screenshot showing a $103,000 drain transaction using a Permit2 exploit. Permit2 exploits are phishing scams that rely on a simplified version of the token approval process.

According to Scam Sniffer, the screenshot showed the transaction hash of the theft, which prompted the team to look up the transaction and uncover the exploiter’s address. Scam Sniffer then found that the address was associated with over 689 phishing websites created since March 27 and had drained $5.9 million from victims on various networks, including Ethereum, Arbitrum, Polygon, and BNB Chain. Scam Sniffer created a Dune Analytics dashboard to publish the data supporting this conclusion.


According to the report, Inferno Drainer advertised its “service” to scammers in return for 20% of profits. It even offered to build phishing sites for customers in exchange for 30%, but only for “good customers or people with big potential.”

Alleged Telegram advertisement for Inferno Drainer. Source: Scam Sniffer

Scams as services have become an increasing problem in the crypto community over the past few months. A similar service called “Monkey Drainer” was discovered by ZachXBT in October. It drained at least $1 million in ETH from users before shutting down in March.
