The scale of thefts in the crypto industry can be obscenely large. For example, in August, a wealthy investor lost $243 million worth of bitcoins to a group of young people with no relevant experience.

Ledger Flex hardware cryptocurrency wallet

For some reason, however, they recorded the theft on video and disclosed their own personal data in it. This made it possible to track down the perpetrators of the hack, which we wrote about in detail in a separate article.

How cryptocurrencies are stolen

A wallet ending in “e57” fell victim to a phishing attack on 27 September, with 12,083 Spark Wrapped Ethereum (spWETH) worth $32 million stolen during the attack. The victim’s wallet had previously interacted with the decentralised Spark protocol.


The token in question is a wrapped token based on ETH. Wrapped tokens are typically used to interact with a particular crypto asset on another blockchain while maintaining its value. The most popular wrapped token is WBTC, with a market capitalisation of $9.7 billion; it makes an analogue of bitcoin usable on the Ethereum network.

According to Cointelegraph’s sources, initially 10,000 spWETH worth $26 million were transferred to a wallet starting with “0x471c”.

Some of those funds were then distributed to four other wallets. Another 1750 ETH went to the wallet starting with “0x105c”, while 2613 ETH were sent to the address starting with “0x278d”. The whole scheme of funds movement is shown in the screenshot below.

Map of the movement of stolen funds in a fresh cryptocurrency investor scam

These and the remaining funds were withdrawn from the victim’s wallet using the malicious Inferno Drainer service, which is categorised as scam-as-a-service: fraud platforms that are designed to deceive users and are offered to hackers on a subscription or one-time payment basis.

At the same time, Inferno Drainer itself is a phishing service that steals funds through fake versions of popular DeFi applications, trying to trick users into signing a transaction to transfer control of their funds. Over the course of its existence, Inferno Drainer has caused more than $215 million in losses.


As a reminder, the permissions granted when interacting with blockchain applications are one of the main tools hackers use to steal coins. Most often users do not see what kind of permissions they are granting, and in other cases they do not understand what a particular action actually does.

Some permissions, of the kind normally required for swaps on decentralised exchanges, let a third party withdraw crypto-assets from the victim's wallet remotely, and hackers are successfully taking advantage of this. The only solution here is to store most of the coins on hardware wallets that are used only to send and receive transactions and never interact with smart contracts.
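What such a permission looks like inside a transaction, as an added example that is not part of the original article: the sketch below decodes raw calldata and reports whether it grants a spending right. It assumes the "permissions" in question are the standard ERC-20/ERC-721 approval calls; the function name `inspect_calldata`, the `UNLIMITED_FROM` threshold and all sample addresses and calldata are constructed for illustration.

```python
# Added example: flag calldata that grants token-spending rights.
# All addresses and calldata below are constructed samples.

UNLIMITED_FROM = 2**255  # allowances this large are effectively unlimited

# 4-byte selectors of standard ERC-20 / ERC-721 permission-granting calls.
GRANTS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}


def inspect_calldata(data_hex):
    """Describe the spending right a transaction grants, or None if it grants none."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        raise ValueError("calldata is not valid hex") from None
    if len(raw) < 4:
        raise ValueError("calldata shorter than a function selector")
    signature = GRANTS.get(raw[:4].hex())
    if signature is None:
        return None  # not one of the permission-granting calls listed above
    if len(raw) < 4 + 64:
        raise ValueError("truncated arguments for " + signature)
    spender_word, value_word = raw[4:36], raw[36:68]
    if any(spender_word[:12]):
        raise ValueError("address argument is not left-padded with zeros")
    value = int.from_bytes(value_word, "big")
    if signature.startswith("setApprovalForAll"):
        scope = "unlimited" if value else "none"  # bool: every token, or revoke
    elif value >= UNLIMITED_FROM:
        scope = "unlimited"
    else:
        scope = "limited" if value else "none"
    return {"function": signature, "spender": "0x" + spender_word[12:].hex(),
            "scope": scope, "value": value}


SPENDER = "00" * 12 + "11" * 20  # constructed 32-byte address word
SAMPLE_APPROVE_MAX = "0x095ea7b3" + SPENDER + "ff" * 32
SAMPLE_APPROVE_ALL = "0xa22cb465" + SPENDER + "00" * 31 + "01"
SAMPLE_TRANSFER = "0xa9059cbb" + SPENDER + "00" * 31 + "0a"

if __name__ == "__main__":
    for sample in (SAMPLE_APPROVE_MAX, SAMPLE_APPROVE_ALL, SAMPLE_TRANSFER):
        print(inspect_calldata(sample))
```

Off-chain signed messages such as EIP-2612 `permit` carry no calldata at signing time, so they need a separate check of the typed data being signed.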

Cryptocurrency hackers

Inferno Drainer operators receive a 20 per cent commission on stolen tokens. Although the developers initially closed the service back in November 2023, it was relaunched in May 2024 – and with new features.

The service currently supports 28 different blockchains and hundreds of DeFi applications, making it one of the biggest threats in cryptocurrencies. After all, many crypto users interact with more than one network, which correspondingly increases the chances of problems with digital assets.

Transactions with withdrawals from the victim’s wallet

The identity of the victim has not yet been established, but the well-known analyst ZachXBT has spotted large transactions linking the wallet to a whale under the alias CZSamSun. Amusingly, the nickname closely resembles the handle of @samczsun, an analyst at venture capital firm Paradigm.

Victim of a massive blockchain attack

The victim also sent a message on the blockchain offering to leave 20 per cent of the stolen funds as a reward if the hacker voluntarily returned at least some of the coins. In that case, the user would not contact law enforcement authorities. Unfortunately, the attacker never showed up after that, which means the prospect of recovering the funds has become much less likely.

According to analysts, in August the number of phishing attacks increased by 215 per cent, with total losses exceeding $66 million.

This trend is unlikely to change course in the near future: the fourth quarter of 2024 promises to be eventful, which will lead to increased activity in crypto and attract even more fraudsters.

Three reasons can be highlighted here. First of all, the US Federal Reserve has started a cycle of base interest rate cuts, which reduces pressure on the economy and forces investors to look for new tools to generate income. That is, the number of buyers of bitcoins and other coins will grow in the near future.

US Federal Reserve Chairman Jerome Powell

Secondly, the US presidential election will be held in November, with Donald Trump contending for victory. He has been supporting the crypto industry for the past few months and has also managed to become the first president to conduct a transaction on the Bitcoin network. Therefore, his possible victory will definitely affect the coins’ popularity.

Thirdly, the end of the year is traditionally the most profitable period for Bitcoin and the coin market in general. After all, the average return of BTC in October and November in recent years is 22 and 46 per cent respectively. This will definitely attract new crypto buyers, who in turn will be in the crosshairs of hackers.

Bitcoin returns by month


As we have already noted, there is still a reliable way to protect cryptocurrencies: using a hardware wallet as cold storage that never interacts with decentralised applications and smart contracts. Accordingly, the wallet will only be used to send and receive coins, which does not require any authorisation. Combined with proper storage of the seed phrase, this reduces the probability of hacking to almost zero.