Inferno Drainer Nabs $900,000 Worth of Chainlink (LINK) in Latest Crypto Hack

• Inferno Drainer stole $900,000 worth of Chainlink’s LINK tokens in late January.
• Phished private wallet keys through a fraudulent crypto airdrop website.
• Swiftly drained the wallet with two transactions.

Yet another multi-hundred thousand dollar crypto hack hit the news this week, tied to the surging real-world asset tokenization trend and lax security practices.

According to threat intelligence group Arkham, hacking syndicate Inferno Drainer made off with $900,000 worth of Chainlink’s LINK tokens from a Swiss crypto investment fund’s hot wallet in late January. The attackers allegedly phished the victim’s private wallet keys using a fraudulent crypto airdrop website.

Last week, a wallet linked to the Swiss fund PrismInvest was drained by Inferno Drainer for $850K LINK.

In the morning of January 27th, “Alchemist63” signed two approval transactions, the first losing $450K in LINK.

12 seconds later, he was convinced to switch chains and again… pic.twitter.com/tYgRWGNaUb

— Arkham (@ArkhamIntel) February 5, 2024

Once inside, they swiftly drained the wallet across two transactions after securing signature approvals from the compromised “Alchemist63” account. The transactions targeted LINK specifically, siphoning $400,940 at first, then $456,400 twelve seconds later as the victim unwittingly approved both fraudulent money transfers.

Researchers subsequently tied the drained wallet to PrismInvest, a Switzerland-based fund with activity history on Binance dating back years. However, with digits keys now compromised, the stolen crypto likely passed through coin mixers and into Inferno’s possession permanently.

Cybersecurity risks around crypto rise

The eye-watering hack, one of many linked to Inferno Drainer, spotlights the cybersecurity risks surrounding the accelerating trend of real-world asset tokenization on blockchain ledgers.

With institutions and enterprises rushing to convert everything from commodities to currencies into tokenized digital representations, hackers salivate at the prospect of even easier big-game targets.

Chainlink has emerged as a tokenization leader, allowing real-world assets worth trillions to port onto its oracle-connected network. However, with financial titans like SWIFT, Associated Press, and major banks now gravitating to Chainlink, this latest $1 million LINK hack heightens the urgency around buttoning up security.

Industry experts urge companies tokenizing real-world assets to implement robust multi-factor authentication, isolate and vigilantly manage private keys, stress test systems against attacks, and carefully evaluate blockchain partners.

As more value floods into the crypto ecosystem from enterprise adoption, hackers will ratchet up efforts to siphon funds by exploiting vulnerabilities in tokenization architecture.