Pengfei.eth Link Phishing Inferno Drainer
Pengfei.eth became an unfortunate Inferno Drainer victim, sending $137k worth of LINK to a phishing website, where it was split between a scammer and the software developer. It is unclear if any investigation is underway or any funds will be recovered.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19]
About Pengfei.eth
- https://opensea.io/0x98f654450c796a41b76cb2a3731bf22ab5d32da9/deals
- https://holesky.ethplorer.io/address/0x98f654450c796a41b76cb2a3731bf22ab5d32da9
- https://etherscan.io/address/0x98f654450c796a41b76cb2a3731bf22ab5d32da9
- https://app.zerion.io/0x98f654450c796a41b76cb2a3731bf22ab5d32da9/overview
About Inferno Drainer
"A new type of scam software called “drainers” recently appeared in the wild. The first attacks involving this malware made headlines in late 2022. The damage they caused accounted for a “petty” few dozen million US dollars. However, in just a few months, the situation changed drastically: spurred on by their initial successes, threat actors behind wallet drainers stole almost USD 300 million in 2023. Much of that can be attributed to a player called Inferno Drainer, whose activity, ScamSniffer estimates, led to more than USD 80 million being stolen — the biggest sum siphoned by one drainer so far.
The Inferno Drainer developers created their Telegram channel in November 2022. From December 2022 to February of the following year, Inferno Drainer launched a major advertising campaign on Telegram. Although the gang announced that Inferno Drainer was shutting down operations in November 2023, the user panel related to the software developers is still available to past clients, who continue to attack crypto wallet owners to this day."
"Although the service was shut down, the Inferno Drainer scheme continues to pose a threat because its former users are likely to have shifted to new fraudulent activities. Its customers have access to the Inferno Drainer infrastructure and are hungry for easy money. The success that the criminal developers have enjoyed is expected to inspire future waves of similar tools."
"Inferno Drainer operated 689 phishing websites targeting various popular projects, exploiting vulnerabilities in the decentralized nature of cryptocurrency transactions. Reports indicate that nearly 4,888 victims have fallen prey to these scams, suffering substantial financial losses."
The Reality
This section is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
"Address 0x4fcF...d75c has fallen victim to a phishing scheme and lost ~$137K worth of $LINK."
| Date | Event | Description |
|---|---|---|
| November 26th, 2023 4:58:00 PM MST | CoinTelegraph Reports ShutDown | CoinTelegraph reports that the InfernoDrainer software has announced their shutdown. |
| January 18th, 2024 9:18:47 AM MST | Report On ShutDown | A report is published on the supposed shutdown of the InfernoDrainer software. |
| May 21st, 2024 7:42:00 AM MDT | Inferno Drainer Relaunched | Inferno Drainer reportedly relaunches after being offline since November. The service reportedly phished $125m privately during the downtime. |
| June 30th, 2024 10:56:47 PM MDT | Blockchain Transaction | The blockchain transaction draining the wallet. |
| July 1st, 2024 2:55:00 AM MDT | ChainAegis Tweet | ChainAegis shares a tweet about the phishing attack with analysis. |
| July 2nd, 2024 9:31:00 AM MDT | Bitrace Discussion | Bitrace discusses the InfernoDrainer addresses which have received an estimated $28m in funds. |
Technical Details
"From 0x4fcFdda0...a7227d75c To Fake_Phishing324039 For 1,681.63256625 $24,366.86 ChainLink To... (LINK)"
"From 0x4fcFdda0...a7227d75c To 0x82AE0340...31c67C636 For 7,927.69638375 $114,872.32 ChainLink To... (LINK)"
"The drainer would then check the minimum wallet value. If the assets amounted to less than $100, a transaction was not initiated until the wallet was recharged. Once a sufficient amount was available, the drainer selected the victim’s most valuable and easiest to transfer assets and initialized a transaction. If the victim confirmed the transfer manually, their assets were sent to criminals’ addresses and split 20/80 between the developer and the customer."
"The reason the scam service broke the record as regards the amount of stolen money was the mass nature of its activity. The multichain drainer siphoned assets across many crypto networks and its customers attacked users through compromised social media accounts and promotion campaigns more aggressively than all its predecessors: there were more than 134,000 victims. By comparison, the second most notable drainer, called MS Drainer, affected half as many victims."
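The developer/customer split described above leaves a recognisable on-chain shape: one sender paying the same token to two different recipients, with the smaller payment near a fixed fraction of the total. The following detection sketch is an added example, not code from the cited reports or from any tool they describe; the 15-25% band, the record layout, the transaction ids and the control rows are assumptions, and it assumes both transfers quoted above belong to one transaction.

```python
from collections import defaultdict
from decimal import Decimal

# Assumed band for the smaller share. The quoted report says 20%; the
# 15-25% window is a constructed heuristic, not a published threshold.
MIN_SHARE, MAX_SHARE = Decimal("0.15"), Decimal("0.25")


def find_fee_splits(transfers):
    """Return one finding per (tx, sender, token) group in which a sender
    pays exactly two distinct recipients and the smaller leg is in band."""
    groups = defaultdict(list)
    for t in transfers:
        groups[(t["tx"], t["from"], t["token"])].append(t)

    findings = []
    for (tx, sender, token), legs in groups.items():
        if len(legs) != 2 or legs[0]["to"] == legs[1]["to"]:
            continue  # not a two-way split
        small, large = sorted(legs, key=lambda leg: Decimal(leg["amount"]))
        total = Decimal(small["amount"]) + Decimal(large["amount"])
        if total == 0:
            continue
        share = Decimal(small["amount"]) / total
        if MIN_SHARE <= share <= MAX_SHARE:
            findings.append({"tx": tx, "sender": sender, "token": token,
                             "total": total, "smaller_share": share,
                             "smaller_leg_to": small["to"],
                             "larger_leg_to": large["to"]})
    return findings


# Constructed sample: the first two rows use the amounts and truncated labels
# quoted on this page; transaction ids and control rows are placeholders.
SAMPLE = [
    {"tx": "TX_PLACEHOLDER_1", "from": "0x4fcFdda0...a7227d75c",
     "to": "Fake_Phishing324039", "token": "LINK", "amount": "1681.63256625"},
    {"tx": "TX_PLACEHOLDER_1", "from": "0x4fcFdda0...a7227d75c",
     "to": "0x82AE0340...31c67C636", "token": "LINK", "amount": "7927.69638375"},
    {"tx": "TX_PLACEHOLDER_2", "from": "USER_A", "to": "USER_B",
     "token": "LINK", "amount": "500"},   # control: even two-way split
    {"tx": "TX_PLACEHOLDER_2", "from": "USER_A", "to": "USER_C",
     "token": "LINK", "amount": "500"},
    {"tx": "TX_PLACEHOLDER_3", "from": "USER_D", "to": "USER_E",
     "token": "LINK", "amount": "42"},    # control: ordinary single transfer
]

if __name__ == "__main__":
    for f in find_fee_splits(SAMPLE):
        print(f["tx"], f["sender"], f["total"], f["smaller_share"])
```

On the two transfers quoted above, the smaller leg is 17.5% of the 9,609.32895 LINK total, close to but not exactly the 20% the quoted report describes, which is why the check uses a band rather than a single ratio.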
Total Amount Lost
The total amount lost has been estimated at $137,000 USD.
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- @ChainAegis Twitter (Accessed Jul 2, 2024)
- ChainAegis (Accessed Jul 2, 2024)
- Ethereum Transaction Hash (Txhash) Details | Etherscan (Accessed Jul 2, 2024)
- @Bitrace_team Twitter (Accessed Jul 2, 2024)
- Goodbye Inferno Drainer? How the scam service stole millions of dollars and why it’s still dangerous | by Group-IB | Medium (Accessed Jul 2, 2024)
- How a ‘crypto drainer’ tricked people into handing over $80 million in assets worldwide (Accessed Jul 2, 2024)
- Telegram: Contact @InfernoDrainer (Accessed Jul 2, 2024)
- https://cointelegraph.com/news/inferno-drainer-shut-down-after-stealing-millions-crypto-wallet-scam-kit (Accessed Jul 2, 2024)
- https://web.archive.org/web/20230619050207/https://inferno-drainer.com/ (Accessed Jul 2, 2024)
- Login | Inferno Drainer (Accessed Jul 2, 2024)
- Login | Inferno Drainer (Accessed Jul 2, 2024)
- https://www.group-ib.com/blog/inferno-drainer/ (Accessed Jul 2, 2024)
- Crypto phishing kit Inferno Drainer shuts down after enabling over $80M in scams (Accessed Jul 2, 2024)
- Inferno Drainer: The $6 Million Web of Deception - NFT News Today (Accessed Jul 2, 2024)
- Inferno Drainer resumes operations, claims $250 million stolen from crypto users (Accessed Jul 2, 2024)
- @Plumferno Twitter (Accessed Jul 2, 2024)
- What Is Inferno Drainer? New Phishing Scam Pilfering Crypto, NFTs - Decrypt (Accessed Jul 2, 2024)
- Pink Drainer Out Inferno Drainer Back New Shift In The Crypto Wallet Drainer Industry (Accessed Jul 2, 2024)
- https://dune.com/scamsniffer/inferno-drainer (Accessed Jul 2, 2024)