Crypto Catastrophe: How Inferno Drainer Made $150,000 Disappear! 💸😱

by

In the shadowy corners of the digital realm, a group of nefarious individuals, known as Inferno Drainer, has embarked upon a most audacious venture, exploiting a newly minted feature of Ethereum to orchestrate wallet-draining escapades.

This band of rogues has cunningly seized upon the Ethereum Improvement Proposal (EIP) 7702, a pivotal element of the Pectra upgrade, which permits Externally Owned Accounts (EOAs) to masquerade as smart contract wallets during transactions. Ah, the irony of technology designed to empower, now wielded as a weapon of deceit!

Crypto Phishing: A Sophisticated Scam That Would Make Even the Most Cunning Fox Envious

On the fateful day of May 24, the vigilant guardians of the web, Scam Sniffer, a platform dedicated to thwarting such villainy, uncovered a case where a wallet, recently adorned with the EIP-7702 upgrade, fell victim to a staggering loss of nearly $150,000. A sum that could have bought a small estate, or perhaps a lifetime supply of borscht!

Yu Xian, the esteemed founder of the blockchain security firm SlowMist, elucidated that Inferno Drainer executed this theft with a sophistication that would make even the most seasoned con artist nod in approval. Unlike the crude methods of yore, which directly hijacked user wallets, this group employed a delegated MetaMask wallet—one already authorized under the auspices of EIP-7702.

Such cunning allowed the miscreants to approve token transfers with the stealth of a cat burglar, utilizing a batch authorization process that would make a magician envious. The unsuspecting victim, blissfully unaware, inadvertently triggered an “execute” command within MetaMask, which processed the malicious batch data in the background. The result? A silent but effective token drain, akin to a thief slipping away with the family silver.

“The phishing gang employs this mechanism to complete batch authorization operations on tokens related to the victim’s address,” Xian remarked, his tone a mixture of disbelief and exasperation.

The security expert underscored that this incident signifies a notable evolution in the tactics of these digital marauders. No longer content with the old tricks of the trade, they are now weaving the latest Ethereum updates into their nefarious schemes, ever eager to stay one step ahead of their prey.

“As we predicted, the phishing gangs have caught up… Everyone should be vigilant, lest the assets in your wallet vanish into thin air,” Xian cautioned, his words echoing like a warning bell in the night.

In light of this alarming development, he implored users to regularly review their token authorizations and ascertain whether their wallet addresses have been unwittingly delegated to phishing accounts via EIP-7702. A task that, while tedious, could save one from the clutches of these digital bandits.

This incident is but a single thread in the broader tapestry of the crypto industry, where last month, malicious actors pilfered over $5 million from a staggering 7,565 individuals through similar phishing attacks. A veritable feast for the unscrupulous!

In response to this growing menace, security experts have emphasized the necessity for crypto users to adopt a proactive stance in safeguarding their assets. Scam Sniffer has advised industry participants to verify websites before logging in or approving any transactions. They also urge community members to audit their token permissions routinely and, for the love of all that is holy, avoid clicking on unverified links. After all, one must not invite a wolf into the henhouse!

Read More

2025-05-25 19:07