Super Saiyan of Security. Hacker and Threat Analyst. Rookie Sleuth. See Section 10 of the Public Report
Inferno Drainer: The Evolution of a Wallet Draining Threat and a Final Goodbye
Inferno Drainer: A history In the ever-evolving world of cybercrime, few threats have shaken the Web3 community as much as Inferno Drainer. First identified in early 2023 by prominent blockchain security firms and researchers like myself, Inferno Drainer rose to infamy by targeting crypto wallets using a combination of social engineering, phishing tactics, and obfuscated malicious code to deter researchers like myself. After a brief retirement in late 2023, Inferno resurfaced in May 2024, con...
Inferno Drainer: The Evolution of a Wallet Draining Threat and a Final Goodbye
Inferno Drainer: A history In the ever-evolving world of cybercrime, few threats have shaken the Web3 community as much as Inferno Drainer. First identified in early 2023 by prominent blockchain security firms and researchers like myself, Inferno Drainer rose to infamy by targeting crypto wallets using a combination of social engineering, phishing tactics, and obfuscated malicious code to deter researchers like myself. After a brief retirement in late 2023, Inferno resurfaced in May 2024, con...
End of Inferno Drainer
Who was Mr. Inferno? It was in my article here that I announced my interest in drainers and some of my contributions over the short time. Mr. Inferno gained attention in March of 2023. Around $6 million had already been stolen by that time. To date, its assumed Inferno worked alone and was not a team effort. Like Monkey Drainer, Inferno empowered bad actors to scam users. After months of reporting links to services like LinkTree or Bitly, reporting Twitter ads, adding up the new stolen total,...
End of Inferno Drainer
Who was Mr. Inferno? It was in my article here that I announced my interest in drainers and some of my contributions over the short time. Mr. Inferno gained attention in March of 2023. Around $6 million had already been stolen by that time. To date, its assumed Inferno worked alone and was not a team effort. Like Monkey Drainer, Inferno empowered bad actors to scam users. After months of reporting links to services like LinkTree or Bitly, reporting Twitter ads, adding up the new stolen total,...
Inferno Drainer, Injected through malicious Browser Extension
Today we chat about “Mr. Inferno” vs Blur.io. Drainers and another evolution. If you are unfamiliar with “wallet drainers”, I will briefly introduce the topic. In this article, I dismissed some implied credit for research into Inferno Drainer but here I am with some of my own ideas. Last night, I found a browser extension that can be attributed to Inferno or one of his many customers. I will not share the extension to avoid encouraging users to “test it”. There was a victim who “accidentally”...
Inferno Drainer, Injected through malicious Browser Extension
Today we chat about “Mr. Inferno” vs Blur.io. Drainers and another evolution. If you are unfamiliar with “wallet drainers”, I will briefly introduce the topic. In this article, I dismissed some implied credit for research into Inferno Drainer but here I am with some of my own ideas. Last night, I found a browser extension that can be attributed to Inferno or one of his many customers. I will not share the extension to avoid encouraging users to “test it”. There was a victim who “accidentally”...
Should you use SMS Authentication?
The Rise of Bypassing 2FA/MFA The world of Cybersecurity is always evolving. Having a 2-Factor/Multi-Factor Authentication method was usually enough to thwart attackers from gaining access to your valuables. In the past few weeks, one specific authentication method is under attack. Let’s start with Stellar Twitter account. It was compromised by a SIM Swap. Pausing for the new readers. A SIM Swap happens when someone is able to impersonate you and transfer your number to a device owned by them...
Should you use SMS Authentication?
The Rise of Bypassing 2FA/MFA The world of Cybersecurity is always evolving. Having a 2-Factor/Multi-Factor Authentication method was usually enough to thwart attackers from gaining access to your valuables. In the past few weeks, one specific authentication method is under attack. Let’s start with Stellar Twitter account. It was compromised by a SIM Swap. Pausing for the new readers. A SIM Swap happens when someone is able to impersonate you and transfer your number to a device owned by them...
Surprise
There are various articles recounting the ~$6M haul from Inferno Drainer. Who knew a message to Scam Sniffer would turn to this tweet below? For a few days I have seen “security enthusiast 0xSaiyanGod” quoted on twitter and media platforms as the one who shed light on “Mr.Inferno”. I want to first credit other researchers who have worked to help victims and bring awareness to security. While I was not surprised to see Mr. Inferno, the intent was to inform, not yet determined why inferno was t...
Surprise
There are various articles recounting the ~$6M haul from Inferno Drainer. Who knew a message to Scam Sniffer would turn to this tweet below? For a few days I have seen “security enthusiast 0xSaiyanGod” quoted on twitter and media platforms as the one who shed light on “Mr.Inferno”. I want to first credit other researchers who have worked to help victims and bring awareness to security. While I was not surprised to see Mr. Inferno, the intent was to inform, not yet determined why inferno was t...
