Arkham Intel reported that the Inferno Drainer crypto hack stole funds allegedly belonging to a Swiss investment fund, PrismInvest. Inferno Drainer siphoned $900,000 worth of LINK tokens on January 27, 2024, raising concerns about the recent tokenization boom.
Infamous hacking group Inferno Drainer reportedly secured signatures from “Alchemist63” for two separate transactions.
Crypto Hack Loses Almost $1 Million
The attack on the Swiss fund reportedly occurred on the morning of January 27, 2024. The first transaction signed by Alchemist63 drained $400,940 worth of LINK. Twelve seconds later, Inferno duped Alchemist63 into switching chains and transferring an additional $456,400 in LINK.
The victim’s address resembles a Binance account registered to a Swiss investment company, PrismInvest. The address has deposited roughly $300,000 into Binance over several years.
According to threat-detection service Scam Sniffer, Inferno Drainer stole approximately $81 million out of the $295 million siphoned through drainer attacks last year. Recently, authorities in Singapore warned of a new software kit for sale on the darknet that makes wallet-draining straightforward.
The hack usually starts as a phishing scam where a user is directed to a fake airdrop website. They then are asked to connect their wallets, authenticate their accounts, and interact with a smart contract. Unbeknown to the victims, the smart contract is seeded with malicious code that drains their crypto wallets and ensures their flows through crypto mixers.
Read more: How To Identify a Scam Crypto Project
Crypto security firm BlockAid said that Inferno Drainer is a decentralized group with many faces. They employ myriad smart contracts seeded with malicious code.
“As one of the largest decentralized attacker groups Inferno has registered nearly 1000 unique domains that are each unique dApps that connect back to their wallet drainer onchain.”
Chainlink Tokenization Boom Raises Concerns
The recent adoption of Chainlink as a blockchain for real-world asset (RWA) tokenization makes this incident of particular concern. Companies partnered with Chainlink include the Society for Worldwide Interbank Transfers (SWIFT), the Associated Press, and the New Zealand Banking Group.
Today saw large holders buy LINK worth $4.4 million, following similar on-chain moves last week, which suggests even more companies are coming on board. This increase shines a spotlight on the need for robust blockchain security.
Read more: What Is Chainlink (LINK)?
According to blockchain security firm Halborn, multi-factor authentication is one of the keys to RWA tokenization security. Private key management, security stress tests, and choosing the right blockchain are part of tokenization security.
“Implementing multi-factor authentication (MFA) adds an extra layer of security to the tokenization process. Regular security assessments and tests are vital to identify vulnerabilities, weaknesses, or potential exploits within the tokenization infrastructure [Secure key management] ensures that the keys remain protected from unauthorized access or tampering. Selecting the appropriate blockchain platform is crucial for secure tokenization.”
BeInCrypto has reached out to PrismInvest but has yet to hear back at the time of publication.