Inferno Drainer fails to launder over $500k in stolen ETH following Railgun intervention
The team behind Inferno Drainer, a notorious crypto scam service, failed to launder a substantial amount of ETH after privacy protocol Railgun managed to block the transaction.
According to security firm MistTrack, on July 9, the team behind the subscription-based malware attempted to launder over 175 Ether, approximately $540,000 at press time.
The transaction was initially flagged by the tracking service Scam Sniffer, which recorded 365.7 ETH being transferred by a phishing scammer linked to Inferno Drainer.
Approximately 190.7 ETH was sent to a wallet identified by “0x0fc2e”, and the remainder was transferred to a smart contract wallet linked with Railgun.
Transactions made by Inferno Drainer linked wallet. Source: MistTrack on X.
Railgun is a privacy chain protocol that helps obscure blockchain transactions. It employs zero-knowledge succinct non-interactive arguments of knowledge (ZK SNARKs), a zero-knowledge proof (ZKP) technology to verify on-chain data without revealing said data.
As such, users are able to hide their wallet addresses. This theoretically makes it suitable for bad actors looking to evade law enforcement.
However, in this case, Inferno Drainer’s transaction was rejected by Railgun’s automated Private Proofs of Innocence (Private POI) system.
According to Railgun, the POI system, introduced in 2023, uses cryptographic assurance to verify that tokens deposited to the Railgun smart contract don’t originate from blacklisted addresses.
“Upon use, a ZK proof (a small piece of sealed data) is automatically created that proves that their tokens are not a part of a pre-set list of interactions and wallets,” the system’s official documentation explains.
While this feature did not help with the recovery of the funds, it sent the funds back to the attacker’s address, preventing them from withdrawing the funds.
To date, Inferno Drainer has launched over 9000 phishing websites. The service has targeted several crypto and NFT projects such as Arbitrum, Optimism, MetaMask, OpenSea, LayerZero Labs, and many others.
The service charges 30% for making phishing websites and another 20% for each successful theft.
Estimates from Dune analytics suggest the malware has siphoned over $180 million in crypto from over 189,000 victims since its inception in August 2023.
Interestingly, last year, the team behind the scam service announced its plans to discontinue its services in a Telegram post. It also warned its subscribers not to trust anyone claiming to be the same.
Meanwhile, Railgun has been at the center of controversies following allegations of money laundering by North Korean hackers. The project has refuted these claims. It has also been backed by Ethereum co-founder Vitalik Buterin, who claims that privacy is normal.