ChainCatcher news, according to Decrypt, the latest report from cybersecurity company Check Point Research (CPR) shows that the cryptocurrency theft malware Inferno Drainer, which claimed to cease operations in November 2023, is still active and has stolen over $9 million in the past six months. This malware has attacked more than 30,000 cryptocurrency wallets, primarily targeting Ethereum and BNB Chain users.Researchers found that the smart contract of Inferno Drainer has continued to operate since its deployment in 2023, with the latest version using single-use smart contracts and on-chain encryption configurations, significantly enhancing its stealth. Its command and control servers obfuscate communication through proxy systems, making the attacks harder to trace. Recently, this malware has implemented phishing by spoofing the verification interface of the well-known Discord bot Collab.Land, using "subtle visual differences" to trick users into signing malicious transactions.CPR warns that since the legitimate Collab.Land itself requires wallet signature verification, even experienced users may lower their guard. CPR advises users to verify the authenticity of the platform before connecting their wallets.

ChainCatcher news, Slow Mist founder Yu Xian posted on social media that the theft of 12,000 ETH last year was carried out by the Eastern European hacker group Inferno Drainer, not North Korean hackers. The money laundering methods have some overlap with North Korean hackers, making it very difficult to recover the funds.

ChainCatcher news, Slow Mist founder Cosine stated that Lottie Player was attacked by supply chain poisoning, with Ace Drainer related to phishing gangs poisoning the front-end script module Lottie Player relied on by well-known Web3 projects. Fortunately, it was discovered in time, and the impact should be minimal.If your project uses the Lottie Player module, please check whether there is any malicious code introduced (currently known versions 2.0.4 and the latest 2.0.8 do not contain malicious code).

ChainCatcher message, according to Scam Sniffer monitoring, an hour ago, the Inferno Drainer wallet address transferred 2,845 ETH (worth 7.5 million USD) of stolen funds to multiple new addresses.

ChainCatcher news, Slow Mist founder Cosine posted on the X platform revealing that the phishing group Angel Drainer has announced its dominance over the previous phishing attack involving 15,079 fwDETH assets.

ChainCatcher message, Slow Mist Yu Xian posted on platform X stating that there are several key pieces of information to note regarding a phishing incident involving a user's WETH on Blast:The WETH on Blast is Blast's wrapped ETH token issued by Blast, the contract is upgradeable and supports permit offline authorization signatures;The WETH code on the Ethereum mainnet is also about 50 lines, very simple and reliable, for every WETH issued, there is an equivalent amount of ETH stored in the contract, without the flashy features like permit;The user was phished because Inferno Drainer supported the Blast WETH permit offline authorization signature, the phishing gang really studied the details, and details determine the profits.

ChainCatcher message, according to Scam Sniffer monitoring, in the past few days, a certain drainer has stolen over 7000 TON. It uses origin spoofing to impersonate StonFi, with approximately 3 victims affected every minute.

ChainCatcher message, according to Scam Sniffer monitoring, 7 hours ago, the scam service provider Inferno Drainer transferred 1,600 ETH (approximately 5.29 million USD) of stolen funds to a new address.

ChainCatcher news, according to Cointelegraph, blockchain security company Match Systems released a report on July 16 stating that the crypto phishing application Angel Drainer has been shut down after the developers may have exposed their identities. The Drainer program allows scammers to trick users into granting token authorization, easily stealing cryptocurrency.Previously, Blockaid reported that phishing scammers used Angel Drainer to steal over $25 million from 35,000 users.

ChainCatcher news, the notorious wallet theft group Inferno Drainer attempted to transfer $530,000 worth of stolen ETH through the privacy protocol Railgun, but the action was blocked by Railgun, forcing them to send the stolen ETH back to Inferno's original wallet address.

ChainCatcher message, according to Scam Sniffer monitoring, 5 hours ago, a phishing scam address related to Inferno Drainer transferred 365 ETH (1.12 million USD) to a new address.

ChainCatcher message, according to MistTrack monitoring, Inferno Drainer has become active again, having just transferred approximately 304 ETH to SynapseRouter.

ChainCatcher news, according to a disclosure by Yu Xian, the founder of Slow Fog, the notorious phishing gang Pink Drainer has been targeted by a phishing group using similarly numbered wallet addresses, with Pink Drainer-related addresses transferring 10 ETH to a fake address.Pink Drainer: 0x8980ab6d185af9bcc10292d4e91ae4c0b4f14213Real: 0xEfF0E5244d5C78Ba4DD6bc01082576280558f58AFake: 0xEfF0eCD2eB275C3CEE4A17D9B8f101551d58f58A

ChainCatcher news, according to monitoring by Shield, the scam-as-a-service provider PinkDrainer has staked a total of approximately 18.1 million dollars worth of DAI into Spark, accounting for about 1.348% of the total sDAI tokens.Previous news, according to monitoring by Cyvers Alerts, the scam organization PinkDrainer is using 5 different addresses to transfer stolen funds. It has been confirmed that they have transferred a total of 5.9 million dollars worth of crypto assets from these 5 addresses into multiple other addresses.

ChainCatcher news, according to a screenshot released by a blockchain security agency, the hacker scam group Pink Drainer announced it will shut down its services after stealing over $75 million. The announcement stated that Pink Drainer has reached its goal and will be decommissioned as planned. All infrastructure will be gradually shut down, and the stored information will be cleared and destroyed. The administrators remind users to be wary of impersonators and state that they will not return in the future. If there are any messages claiming to be from them but not signed with their wallet addresses (0x636/0x9fa), then they were not issued by them.

ChainCatcher news, according to monitoring by Shield, a whale address starting with 0xff49 has become a victim of the PinkDrainer phishing scam, losing approximately 562.4 stETH (about 1.66 million USD).

ChainCatcher message, according to Cyvers Alerts monitoring, the scam organization PinkDrainer is using 5 different addresses to transfer stolen funds. It has been confirmed that a total of 5.9 million dollars worth of crypto assets have been transferred from these 5 addresses and deposited into multiple other addresses.It is worth noting that PinkDrainer has processed 600 ETH through the Railgun mixing service, worth approximately 2 million dollars.

According to ChainCatcher news, monitoring by Shield has revealed that the scam-as-a-service provider PinkDrainer has staked a total of 12 million DAI to Spark, accounting for approximately 1.194% of the total sDAI token supply, making it one of the top 12 holders of sDAI.