Lost 2.34M in a Phishing Scam (Inferno Drainer)

by COINS NEWS 123 Views

A look inside the Phishing Wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2

A few days ago a victim lost over 2.34M in the SUPER token. I learn something new every day, and this token is apparently named after the SuperVerse.

Before getting phished, the victim was a top 10 bag holder of SUPER.

This is yet another case of the CREATE2 opcode being abused. The victim signed a phishing transaction built around CREATE2, and that signature allows the scammer to transfer all tokens, including every sh*tcoin under the sun.

  • Phishing Wallet - 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2
  • Victim - 0xc9F304EFe0acC225408797D58A53dfd6A29CD83C

What is CREATE2

Above is an image by Scam Sniffer

The CREATE2 opcode makes it possible to calculate the address of a contract before the contract is deployed on the blockchain. The scammer uses this to generate a fresh address for each malicious signature.

Once the victim falls into the trap, the scammer creates a contract that transfers all of the user's assets, bypassing most security checks.

In this instance, the main way this wallet drainer finds its victims is by sending fake airdrop links through Twitter.

Where did the Funds Go?

A look at the funds of the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2. Currently it sits on a balance of 2.2M ETH.

Always follow the money! This one still has a chance at recovery.

At the time of writing, most of the funds are still sitting in the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2. The scammer swapped all of the SUPER tokens to ETH, where the value currently sits at about 2.2M.

I looked at the outflow of the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2. I didn't see any intermediaries, deposit addresses, or mixers used. A few txns went into the Market Maker Proxy wallet and the trading firm Tokka Labs.

I did notice a few txns go to the Market Maker Proxy wallet of 0x807cF9A772d5a3f9CeFBc1192e939D62f0D9bD38. I traced the timestamps to a Binance Deposit address. It appears to be an institutional deposit address.

Binance Deposit - 0x1a847b0d11120b8510EDCD3C81c4E4249460330A

Wallet of Interest

Whenever I investigate a phishing scam I like to take a look at who potentially could be involved. You'd be surprised at the breadcrumbs left behind.

I did notice the wallet that funded the phishing wallet looked a bit sus.

0x43d7A580F4433Fa32195d7fC31f4D132862D63BB

Starting from the bottom, these are the first 6 txns of the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2. 0x43d7A580F4433Fa32195d7fC31f4D132862D63BB was the funder with the 14K in Rollbit token.

I covered up my label to protect the innocent (maybe!).

0x43d7A580F4433Fa32195d7fC31f4D132862D63BB could potentially be a victim. I looked at the txn and did notice a multicall function was used with the Inferno Drainer contract.

Above is the multicall function used between 0x43d7A580F4433Fa32195d7fC31f4D132862D63BB and the phishing wallet of 0x8f9278aaB84290fe6E78515b7938B3136b89A1E2.

Again, most of the stolen funds are still sitting in the phishing scammer's wallet. This one is on my watch list to see where the scammer goes with the funds next.

Stay safe out there and beware of these tricky phishing scams!

submitted by /u/jbtravel84