$1.25 million stolen in NFT Airdrop Phishing Scam linked to Inferno Drainer


Scam Sniffer has received multiple reports of theft related to NFT airdrops on Polygon. Victims received airdropped NFTs and trusted their contents, then had their assets stolen after opening the malicious links and signing malicious signatures during the claiming process.

The group responsible for these thefts has created 1,354 malicious NFTs on Polygon in recent months, impersonating legitimate airdrops from projects like RocketPool, ApeCoin, Polygon, Uniswap, and Aave. All malicious links in these airdrops lead to websites associated with Inferno Drainer, one of the “Scam as a Service” providers, which has stolen $13M in the last few months.

A total of 530,000 wallets were targeted by these malicious NFTs, and 329 victims were associated with the targeted airdrops. In total, $1.25 million was stolen from these victims.

Dune Report: https://dune.com/scamsniffer/nft-phishing-polygon

Malicious NFT airdrops

Attackers transferred malicious ApeCoin Airdrop NFTs to their targets via batch transfer.

The target opened their Portfolio Tracker or wallet and found and clicked on the malicious NFT.

As shown in the figure, they used beacons.ai for dynamic link redirection. The victim clicked on the malicious link in the NFT description and signed the malicious signature on the malicious website, resulting in asset theft.
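A wallet or portfolio tracker can triage incoming tokens before rendering them. The following is an added example, not Scam Sniffer's code: it flags unsolicited NFTs whose metadata pairs a link with airdrop/claim wording. beacons.ai is the redirector named above; tinyurl.com and linktr.ee, the lure word list, and all function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Redirector / link-in-bio hosts (beacons.ai from the report; others assumed).
REDIRECTOR_HOSTS = {"beacons.ai", "tinyurl.com", "linktr.ee"}
# Assumed lure vocabulary, based on the "... Airdrop" naming of the fake NFTs.
LURE_WORDS = re.compile(r"\b(airdrop|reward|claim)\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def host_matches(host, domains):
    """True if host is a listed domain or a subdomain of one (label-aligned)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def extract_hosts(text):
    """Hostnames of every parseable http(s) URL embedded in free text."""
    hosts = []
    for url in URL_RE.findall(text or ""):
        try:
            host = urlsplit(url.rstrip(".,;:!?")).hostname
        except ValueError:  # malformed authority in attacker-supplied metadata
            continue
        if host:
            hosts.append(host)
    return hosts

def triage_nft(metadata, solicited):
    """Reasons to warn on a token; solicited=True if the holder minted/bought it."""
    description = metadata.get("description") or ""
    text = f"{metadata.get('name') or ''} {description}"
    hosts = extract_hosts(description)
    reasons = [] if solicited else ["unsolicited-transfer"]
    if hosts:
        reasons.append("link-in-description")
    if any(host_matches(h, REDIRECTOR_HOSTS) for h in hosts):
        reasons.append("redirector-link")
    if LURE_WORDS.search(text):
        reasons.append("lure-wording")
    return reasons

def should_warn(metadata, solicited):
    """Warn when an unsolicited token pairs a link with airdrop/claim wording."""
    needed = {"unsolicited-transfer", "link-in-description", "lure-wording"}
    return needed <= set(triage_nft(metadata, solicited))

# Constructed sample metadata, not real tokens.
LURE = {"name": "ApeCoin Airdrop", "description": "Claim: https://beacons.ai/example-reward."}
BENIGN = {"name": "Sunset #12", "description": "Generative art, no links."}
```

The redirector match is kept as a separate reason rather than a requirement, because the final destination behind such a link can change after the token is airdropped.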

Large-scale malicious NFT airdrops

By analyzing the addresses associated with the airdropped NFTs received by the victims, we found many NFTs with similar patterns, including those that impersonated the airdrops of projects such as Rocketpool, Apecoin, Arbitrum, Uniswap, Ethereum, AAVE, ChainLink, etc.

By analyzing on-chain data, we found that they created 1,354 malicious NFTs targeting 530,000 wallets, with a total of 1.25 million airdrops made.

All of these malicious links lead to malicious websites associated with Inferno Drainer.


Targeted victims

We sampled some of the targeted airdrop addresses, most of which contained large amounts of assets.

Stolen Stats

By analyzing the 530,000 addresses targeted by these malicious NFTs and the victims of Inferno Drainer, we found that 329 victims were associated with the targeted airdrops, and a total of $1.25 million was stolen from these victims.

The largest victim, 0x9e1b8f42c28c793f67d44968529e338606ba7e66, lost about $150k.

Dune Report: https://dune.com/scamsniffer/nft-phishing-polygon


0x9e1b8f42c28c793f67d44968529e338606ba7e66, the largest victim, was recently phished for 79 ETH through a Claim scam.

The victim received a malicious NFT from the ApeCoin Airdrop 24 days ago.

Gas Spend

By analyzing on-chain data, we found that the total gas cost for airdropping to these 500k addresses was only $15k, which was very low.

After deducting the 20-30% commission charged for using Inferno Drainer, we can estimate that they spent $15k to steal $875k in assets.

Among these targeted 500k addresses, new victims will continue to emerge in the future.

About Scam Sniffer

Scam Sniffer is an anti-scam platform that combines off-chain and on-chain monitoring data to provide real-time anti-scam protection for web3 users.

We’ve helped well-known platforms protect their users and are committed to making web3 secure for the next billion users.

