Super Saiyan of Security. Hacker and Threat Analyst. Rookie Sleuth. See Section 10 of the Public Report
0xSaiyanGod.ethInferno Drainer, Injected through malicious Browser Extension
Today we chat about “Mr. Inferno” vs Blur.io. Drainers and another evolution. If you are unfamiliar with “wallet drainers”, I will briefly introduce the topic. In this article, I dismissed some implied credit for research into Inferno Drainer but here I am with some of my own ideas. Last night, I found a browser extension that can be attributed to Inferno or one of his many customers. I will not share the extension to avoid encouraging users to “test it”. There was a victim who “accidentally”...
0xSaiyanGod.ethShould you use SMS Authentication?
The Rise of Bypassing 2FA/MFA The world of Cybersecurity is always evolving. Having a 2-Factor/Multi-Factor Authentication method was usually enough to thwart attackers from gaining access to your valuables. In the past few weeks, one specific authentication method is under attack. Let’s start with Stellar Twitter account. It was compromised by a SIM Swap. Pausing for the new readers. A SIM Swap happens when someone is able to impersonate you and transfer your number to a device owned by them...
0xSaiyanGod.ethInferno Drainer: The Evolution of a Wallet Draining Threat and a Final Goodbye
Inferno Drainer: A history In the ever-evolving world of cybercrime, few threats have shaken the Web3 community as much as Inferno Drainer. First identified in early 2023 by prominent blockchain security firms and researchers like myself, Inferno Drainer rose to infamy by targeting crypto wallets using a combination of social engineering, phishing tactics, and obfuscated malicious code to deter researchers like myself. After a brief retirement in late 2023, Inferno resurfaced in May 2024, con...
0xSaiyanGod.ethInferno Drainer, Injected through malicious Browser Extension
Today we chat about “Mr. Inferno” vs Blur.io. Drainers and another evolution. If you are unfamiliar with “wallet drainers”, I will briefly introduce the topic. In this article, I dismissed some implied credit for research into Inferno Drainer but here I am with some of my own ideas. Last night, I found a browser extension that can be attributed to Inferno or one of his many customers. I will not share the extension to avoid encouraging users to “test it”. There was a victim who “accidentally”...
0xSaiyanGod.ethShould you use SMS Authentication?
The Rise of Bypassing 2FA/MFA The world of Cybersecurity is always evolving. Having a 2-Factor/Multi-Factor Authentication method was usually enough to thwart attackers from gaining access to your valuables. In the past few weeks, one specific authentication method is under attack. Let’s start with Stellar Twitter account. It was compromised by a SIM Swap. Pausing for the new readers. A SIM Swap happens when someone is able to impersonate you and transfer your number to a device owned by them...
0xSaiyanGod.ethInferno Drainer: The Evolution of a Wallet Draining Threat and a Final Goodbye
Inferno Drainer: A history In the ever-evolving world of cybercrime, few threats have shaken the Web3 community as much as Inferno Drainer. First identified in early 2023 by prominent blockchain security firms and researchers like myself, Inferno Drainer rose to infamy by targeting crypto wallets using a combination of social engineering, phishing tactics, and obfuscated malicious code to deter researchers like myself. After a brief retirement in late 2023, Inferno resurfaced in May 2024, con...
Super Saiyan of Security. Hacker and Threat Analyst. Rookie Sleuth. See Section 10 of the Public Report
Subscribe to 0xSaiyanGod.eth
Subscribe to 0xSaiyanGod.eth
Share Dialog
Share Dialog
<100 subscribers
<100 subscribers
There are various articles recounting the ~$6M haul from Inferno Drainer. Who knew a message to Scam Sniffer would turn to this tweet below? For a few days I have seen “security enthusiast 0xSaiyanGod” quoted on twitter and media platforms as the one who shed light on “Mr.Inferno”. I want to first credit other researchers who have worked to help victims and bring awareness to security. While I was not surprised to see Mr. Inferno, the intent was to inform, not yet determined why inferno was there. It would seem the team was not actively investigating this but one of the admins responded to my message with a TX Hash I was curious about. That TX Hash exposed a familiar wallet address labeled “Fake_Phishing76183”.
https://twitter.com/realScamSniffer/status/1659484963035836416?s=20
I spend my days reporting on Chainabuse and doing my fair share in security awareness. Scam Sniffer is one of many groups I frequent to follow along with updates. If you check my twitter, you will find all sorts of content related to security, whether it be targeted at CT or security as we know it. Not too long before the tweet from Scam Sniffer, myself along with notable names in Web3 were thanked for helping someone follow their funds. A compromise in the user’s Evernote lead to a substantial loss. A common problem, phishing, is still the same old attack. Wallet drainers are no secret to the CT community but they have evolved over the months. Whenever I see “Fake_Phishing”, I used to assume it was a wallet drainer. My introduction into these types of phishing scams date back to the now retired Monkey Drainer. This isn’t long ago at all. Fake airdrop pages, fake FTX Support pages, websites asking for your seed phrase, these are just a few examples of how wallet draining has moved through the crypto community. With a short scroll down my feed, you will find me sharing resources to avoid future scams. On occasion, you’ll find meaningless tweets and posts.
I will list a few articles you can read more about the reason many have heard of me in the past few days. My job is #Secur1tyResearch3r
https://cointelegraph.com/news/inferno-drainer-scam-as-a-service-has-stolen-5-9m-since-march-report
https://bitcoinist.com/inferno-drainer-scam-sees-nearly-6-million-in-crypto-stolen/
There are various articles recounting the ~$6M haul from Inferno Drainer. Who knew a message to Scam Sniffer would turn to this tweet below? For a few days I have seen “security enthusiast 0xSaiyanGod” quoted on twitter and media platforms as the one who shed light on “Mr.Inferno”. I want to first credit other researchers who have worked to help victims and bring awareness to security. While I was not surprised to see Mr. Inferno, the intent was to inform, not yet determined why inferno was there. It would seem the team was not actively investigating this but one of the admins responded to my message with a TX Hash I was curious about. That TX Hash exposed a familiar wallet address labeled “Fake_Phishing76183”.
https://twitter.com/realScamSniffer/status/1659484963035836416?s=20
I spend my days reporting on Chainabuse and doing my fair share in security awareness. Scam Sniffer is one of many groups I frequent to follow along with updates. If you check my twitter, you will find all sorts of content related to security, whether it be targeted at CT or security as we know it. Not too long before the tweet from Scam Sniffer, myself along with notable names in Web3 were thanked for helping someone follow their funds. A compromise in the user’s Evernote lead to a substantial loss. A common problem, phishing, is still the same old attack. Wallet drainers are no secret to the CT community but they have evolved over the months. Whenever I see “Fake_Phishing”, I used to assume it was a wallet drainer. My introduction into these types of phishing scams date back to the now retired Monkey Drainer. This isn’t long ago at all. Fake airdrop pages, fake FTX Support pages, websites asking for your seed phrase, these are just a few examples of how wallet draining has moved through the crypto community. With a short scroll down my feed, you will find me sharing resources to avoid future scams. On occasion, you’ll find meaningless tweets and posts.
I will list a few articles you can read more about the reason many have heard of me in the past few days. My job is #Secur1tyResearch3r
https://cointelegraph.com/news/inferno-drainer-scam-as-a-service-has-stolen-5-9m-since-march-report
https://bitcoinist.com/inferno-drainer-scam-sees-nearly-6-million-in-crypto-stolen/
No activity yet