Investor Loses $6.9 Million in Inferno Drainer Phishing Scam

• A crypto investor lost $6.9 million in Ether tokens due to a sophisticated phishing scam involving a malicious permit signature.
• Investigations by Scam Sniffer and MistTrack linked the theft to notorious draining-as-a-service providers, Pink and Inferno Drainer.
• This incident reflects the risks of phishing attacks in the crypto market, with scammers using fake social media accounts to steal.

A cryptocurrency investor recently lost millions to a sophisticated phishing scam. Scam Sniffer, a Web3 anti-scam firm, reported that the investor was tricked into signing a malicious Permit phishing signature.

This authorization led to the theft of 1,807 Ether.fi-Liquid1 tokens, valued at $6.9 million. Moreover, blockchain investigator ZachXBT noted that the same investor fell victim to a phishing attack last year, losing $638,000.

Pink and Inferno Drainer Linked to Attack

The scam involved using a permit function, allowing an off-chain authorization signature to execute transactions on another address’s behalf. This method enabled the transfer of tokens without on-chain transactions, facilitating the theft.

The theft involved two wallets, 0xE56978, from the scammer and 0xFC4EA, belonging to a drainer. Notably, the stolen funds remain within these addresses.

Meanwhile, MistTrack, a crypto tracking and compliance platform built by SlowMist, found connections to the Pink and Inferno Drainers, notorious draining-as-a-service (DAAS) providers in the theft. The drainers offer scammers tools for phishing exploits, such as fake social media accounts and websites, in exchange for a cut of the stolen funds. BeInCrypto reported that these services were used to steal $295 million from 324,000 victims in 2023.

“Another huge amount of phishing, nearly 7 million USD of ETH pledged assets… from the old phishing gang Inferno Drainer. The reason is that the relevant permit offline authorization signature was phished away. Are there still many people who haven’t heard of the phishing tricks or rumors of ‘1click f#ck?’ I hope the victims can come forward to tell their own stories, especially what wallets they used,” Yu Xian, founder of SlowMist, commented.