As a seasoned cybersecurity professional with over two decades of experience under my belt, I’ve seen my fair share of digital mayhem and skullduggery. The tale of Konpyl, the elusive figure linked to Inferno Drainer, is one that piques my curiosity and sets off alarms in equal measure.
This year, noteworthy cryptocurrency drainers such as Inferno and Pink made headlines by announcing they were going out of service, but unfortunately, victims are still experiencing significant financial losses.
Last October, Scam Sniffer reported a loss of over $20 million due to phishing scams. Compared to September, although the total amount decreased by 56%, the number of victims experienced a 20% increase, reaching 12,058.
According to Alex Katz, CEO and co-founder of Kerberus, an internet browser security plugin, the rate at which volume is depleted can fluctuate from one month to another in response to market changes, but the rising count of affected individuals has become a cause for concern.
Drainer operators are likely closing up shop because of the substantial profits they have already amassed. If they persist, it is only a matter of time before they or their associates are caught by law enforcement or security teams, according to Cos, the founder of MistTrack, in an interview with CryptoMoon.
For instance, Tether, the leading global stablecoin provider, has temporarily halted at least three digital wallets linked to drainage activities.
Tether did not respond to a request for comment, but a private investigator known to be collaborating with authorities on cryptocurrency drainer cases said the wallets in question were seized following a directive from a law enforcement body.
The detective is collaborating with law enforcement agencies in an effort to locate a questionable figure called Konpyl. It’s been revealed by CryptoMoon Magazine that Konpyl and connected digital wallets are suspected of being involved in a counterfeit Rabby wallet scheme, which allegedly stole approximately $1.6 million from unsuspecting victims.
During their probe, the magazine discovered connections between the Konpyl online identity and a cryptocurrency CEO residing in Dubai, whose allegations of innocence and claims of being a victim of extortion were made public.
Not only do the recently frozen Tether accounts connect to wallets known as “drainers,” but they also link to an account named Konpyl.
“In essence, ‘[Konpyl]’ can be described as a heavy user of our drainers service,” the investigator shared with CryptoMoon. “It appears that ‘[Konpyl]’ predominantly relies on Inferno Drainer, but has also dabbled in using Pink Drainer from time to time.”
Top drainers are unplugging
“Crypto drainers” usually operate by exploiting loopholes in smart contracts, launching phishing scams, or employing social engineering tricks to gain access to victims’ digital wallets.
Developers create tools that are sold to unlawful users, allowing them to carry out attacks and thefts for a price. This method is now commonly referred to as the “fraud-on-demand” model.
One key perspective to adopt is to view drainers as businesses, according to Katz. If you examine the transactions that drain a victim’s wallet, a significant portion of the proceeds often ends up with the individual who built the drainer, because they take a commission fee.
For some time now, these software tools have gained prominence by being sold under their individual labels. Notable among them are Inferno, Pink, and the widely used Monkey Drainer.
These three aren’t the only drainers around, but they do share a common trait. All of them have announced shutdowns, with Inferno the latest to unplug in October. Inferno claimed that its services have been taken over by Angel Drainer.
Among the pioneers of utilizing the Software-as-a-Service (SaaS) draining approach, Monkey Drainer was a notable figure. However, it ceased operations in March 2023, paving the way for new entrants like Inferno and Pink to appear on the scene.
Pink Drainer is believed to have been created by a person once involved with the security community, who had previously aided in combating Monkey Drainer but reportedly switched sides later on. Pink Drainer declared retirement in May 2024, after accumulating approximately $85 million from over 21,000 unsuspecting victims.
The competitive landscape shifted when Inferno, having announced its retirement in November 2023, seemingly vanished from the scene. The dynamics changed again once Pink departed: Inferno reemerged, hinting at a comeback or a strategic move within the community.
The recent closure of Inferno was announced several days following the freeze of three Tether wallets on October 16th, coincidentally on the same day that CryptoMoon Magazine released their findings about Konpyl and the fraudulent Rabby wallet.
The Inferno and Konpyl connection
The blockchain data indicates a possible connection between the accounts tied to Konpyl and those attributed to Inferno. However, opinions among security analysts differ regarding the precise nature of this link.
A notable instance of an on-chain connection stems from an event in March 2024, where a user suffered a loss of $4.39 million worth of cryptocurrencies due to a cybercriminal utilizing the Inferno Drainer toolset.
In the investigation led by blockchain detective ZachXBT, some of the stolen tokens were destroyed, while others were moved to the wallet address 0x344…12ac3, which MistTrack security firm suspects belongs to Inferno Drainer. Meanwhile, approximately $767,610 worth of Wrapped Ether found its way into the DeFi platform CoW Protocol.
On the other end, this amount is received by 0x87B…A53d92 (CoW Output) in Tether (USDT).
From this CoW output address, a relationship with Konpyl can be drawn.
A third address, 0xF2F…, made three transactions: two in August 2022 and one in May 2024. The earliest of these was the funding transaction for this wallet, which marked the first transfer into the account with address 0xF2F…
0xF2F is connected to a Konpyl account via seven transactions, dating back to October 2023, with a combined value of approximately half a million dollars. This link suggests that the 0xF2F wallet serves as a conduit between the March 2024 Inferno Drainer scheme and the entity involved in the 2024 counterfeit Rabby wallet case, as evidenced by this trail of transactions.
Unpacking the fund movements
According to the private investigator, these actions indicate that the entity called Konpyl might be a heavy user of Inferno Drainer or could potentially have a more extensive role in its use.
Still, Fantasy, investigation lead at crypto insurance firm Fairside Network, has a different take.
He suggested to CryptoMoon that none of the wallets initially thought to be associated with Inferno Drainer within CoW Protocol may actually have been. Instead, these wallets might have belonged to customers of Inferno Drainer.
“An Inferno customer isn’t likely to voluntarily forfeit additional funds from a theft. It seems more plausible that this is a customer transferring the stolen funds to another wallet,” he explained to CryptoMoon, pointing to transactions that show outgoing fees being paid to a different wallet.
Fantasy also presented an alternative as to why Konpyl could be linked to the exploits.
Fantasy speculates that Konpyl could be an over-the-counter trader, and that illicit actors may be using him to launder their money. This theory might explain why Konpyl’s Rhino outputs appear as they do, according to Fantasy’s interpretation of the onchain movements detailed in CryptoMoon Magazine’s October investigation.
Masking actions among Over-the-Counter (OTC) traders isn’t unusual. Typically, they don’t worry about where the funds are coming from, so long as they get their commission.
Law enforcement and security experts closing the gap
In the meantime, Fun, the founder of Scam Sniffer, shared with CryptoMoon that ongoing efforts from organizations such as MistTrack, Scam Sniffer, and SEAL 911’s security team are helping to identify and block illegal cryptocurrency addresses.
Internet browser extensions like Kerberus also exist, while wallets are increasingly integrating user-security services like Blockaid.
“Functioning as a precautionary measure, it was unavoidable that they were shut down,” Fun explained. “Whether we’re talking about Inferno Drainer or Pink Drainer, these are merely services exploited by scammers. The true culprits behind these drainer names remain concealed.”
Nevertheless, Katz from Kerberus advises that shutdowns in the cryptocurrency world should be viewed skeptically, as operators may only be feigning withdrawal, much as Inferno’s announced retirement in November 2023 proved to be a ruse, with the drainer causing chaos for nearly half of 2024.
Katz stated that some may claim they close operations to make security less vigilant. However, he pointed out that they can simply change their identity and resume business under a different name.
It’s essential to understand that these individuals are criminals, so their words should always be met with skepticism.
2024-11-20 00:15