Investigation into Cryptocurrency Theft
A recent investigation into cryptocurrency theft has revealed that a new scam operation known as Vanilla Drainer has been responsible for over $5.27 million in stolen funds within a mere three-week span. This service is part of an emerging trend where criminals use specialized software, often combined with phishing strategies, to drain victims’ accounts. While Vanilla Drainer may have initially evaded detection, the surge in substantial thefts has drawn scrutiny from blockchain security experts.
Trends in Draining Scams
According to Scam Sniffer, draining scams reached a peak in 2024, resulting in losses that approached $500 million. Major players in this realm included groups like Angel, Inferno, and Pink. Despite the decline in overall theft volumes thanks to advancements in security measures, the trend of draining operations continues. Darkbit, a blockchain investigator, has noted that these operations are evolving to counteract the increased security.
“We’re seeing Vanilla Drainer absorb many users who previously relied on Inferno,” Darkbit stated in an interview with Cointelegraph. “Most of the significant thefts of six and seven figures can now be traced back to Vanilla.”
Significant Heists and Operations
The most significant heist linked to Vanilla Drainer occurred on August 5, resulting in a loss of $3.09 million in stablecoins. In this instance, the operators of Vanilla received approximately $463,000, or 17% of the stolen amount, as their fee for facilitating the theft. After securing their cut, Vanilla typically converts the stolen tokens into a major cryptocurrency like Ether, moving the funds to a designated wallet address where they can be accessed later. Presently, this wallet reportedly contains about $2.23 million in various tokens, primarily in DAI, a decentralized stablecoin.
Surge in Phishing Schemes
Crypto drainer activity has surged, with a reported $7.09 million stolen through phishing schemes in July alone—a stark increase of 153% from the previous month, with victims rising by 56% to 9,143. Darkbit has observed that Vanilla employs strategies such as frequently changing its website domains to avoid detection by security systems.
Ongoing Challenges for Authorities
Notably, between July 15 and August 5, Vanilla was involved in four significant scams, totaling over $5.27 million. As some drainers have ceased operations in response to tighter security measures, Vanilla has swiftly established itself as a formidable player in the sector. Even as the draining arena contracts, Vanilla attracts former clients of other fraud services like Inferno, which had announced its shutdown in late 2023 yet continued operations into 2025.
This cycle of criminal enterprises adapting and resurfacing poses an ongoing challenge for authorities and blockchain investigators, who must remain vigilant against a constantly shifting landscape of crypto fraud.