The team behind Inferno Drainer, a notorious crypto scam service, failed to launder a substantial amount of ETH after privacy protocol Railgun blocked the transaction. Railgun’s Private Proofs of Innocence system prevented laundering over 175 ETH, approximately $540,000.
According to MistTrack, on July 9, the team behind the subscription-based malware attempted the transaction. The transfer was initially flagged by Scam Sniffer, which recorded 365.7 ETH being moved by a scammer linked to Inferno Drainer.
Approximately 190.7 ETH was sent to a wallet identified as "0x0fc2e," and the remainder was transferred to a smart contract wallet linked with Railgun.
Transactions made by Inferno Drainer linked wallet. Source: MistTrack on X.
Railgun employs zero-knowledge succinct non-interactive arguments of knowledge (ZK SNARKs), a zero-knowledge proof technology that verifies on-chain data without revealing it. This helps conceal wallet addresses and transactions.
However, in this instance, Railgun’s automated Private Proofs of Innocence system, introduced in 2023, rejected Inferno Drainer’s transaction. The system uses cryptographic assurance to verify tokens do not originate from blacklisted addresses.
“Upon use, a ZK proof is automatically created that proves that their tokens aren’t part of a pre-set list of interactions and wallets,” Railgun’s documentation explains.
Although the funds were not recovered, they were returned to the attacker’s address, preventing withdrawal.
Inferno Drainer has launched over 9000 phishing websites targeting crypto and NFT projects like Arbitrum, MetaMask, and OpenSea. The service charges 30% for phishing websites and 20% for successful theft.
Estimates from Dune analytics suggest the malware has stolen over $180 million in crypto from over 189,000 victims since its inception in August 2023.
Last year, Inferno Drainer announced its plans to discontinue its services in a Telegram post, warning subscribers against imitators.
Meanwhile, Railgun has faced allegations of money laundering by North Korean hackers. The project has refuted these claims. It is supported by Ethereum co-founder Vitalik Buterin, who advocates for privacy.
