Based on materials from Cointelegraph

A blockchain researcher has attributed the theft of at least $5.27 million in cryptocurrency over three weeks to Vanilla Drainer, an increasingly popular fraud service.

Drainers are organizations that supply fraudsters with malicious software, typically used together with phishing techniques to gain access to victims' funds. Vanilla is part of a new generation of such groups and has mostly gone unnoticed, but recent thefts of large sums have attracted the attention of blockchain investigators.

According to Scam Sniffer, drainer fraud peaked in 2024, when victims lost nearly $500 million to popular services like Angel, Inferno, and Pink. Thefts still occur frequently, although volumes have decreased due to new security technologies. Nonetheless, blockchain researcher Darkbit warns that the fraudsters are adapting.

"I see that [Vanilla] is taking many clients from Inferno," Darkbit told Cointelegraph in an interview. "Most of the large six- and seven-figure thefts lately can be attributed to Vanilla Drainer."

Early Vanilla thefts can be traced back to October 2024, but the earliest known public advertisement for Vanilla was published on December 8, 2024, although it has since become unavailable. The advertisement claimed that Vanilla could bypass Blockaid — a fraud detection platform that thieves often cite as a major factor in reduced revenues, and in some cases, closure.

The service charges a starting commission of 20% of the stolen proceeds, paid to the provider, which is considered standard practice for such services. According to Vanilla's advertising, this rate can be reduced for larger thefts.

The largest theft attributed to Vanilla occurred on August 5, when a victim lost $3.09 million in stablecoins. In this case, the operators of Vanilla apparently received a commission of $463,000 for providing the tools, which is about 17% of the stolen funds.

After the split, Vanilla typically converts tokens into the blockchain's native cryptocurrency, such as Ethereum (ETH), and then transfers them to a final commission wallet (0x9d3…E710d), where, according to Darkbit, most of the fraud commissions accumulate. About $1.6 million from this wallet was converted into Dai (DAI), a decentralized stablecoin pegged to the US dollar that cannot be frozen, unlike its centralized counterparts, USDt (USDT) or USDC (USDC). At the time of writing, the wallet held $2.23 million in tokens, primarily in DAI and ETH.

Several crypto-drainers have shut down as security tools have weakened the crypto-draining industry, but drainers have recently been adopting new tactics.

According to Darkbit, one of the methods Vanilla uses to stay one step ahead is rotating domains, so that it never lingers too long in one place.

"I am starting to see new malicious contracts created for each malicious site and domain to avoid drawing attention," Darkbit reports.

In July, phishing scams stole $7.09 million from victims, which is 153% more than in June. The number of victims also increased by 56%, to 9,143, according to Scam Sniffer data.

The largest single loss in July was $1.23 million. According to blockchain data, the total amount of commissions received from this fraud was 54 ETH, which at the time amounted to $204,074. Ultimately, these commissions were transferred to the same alleged Vanilla wallet linked to the $3.09 million incident in August.

Blockchain analysis also links Vanilla Drainer to two other six-figure incidents in July, bringing the amount attributed to it to an estimated $2.19 million, over 30% of the total volume of phishing attacks for the month.

From July 15 to August 5, Vanilla was used in at least four major fraud schemes totaling $5.27 million, each resulting in six- to seven-figure losses.

Vanilla has quickly established itself in the shrinking but still dangerous sector of crypto crime. Despite overall outflow volumes slowing since 2024, Vanilla is attracting millions of former Inferno users. Darkbit claims that its operators remain agile, changing domains and contracts to stay ahead.

History shows that even public shutdowns rarely mean the end. For example, Inferno Drainer announced its closure in November 2023, but then reappeared in 2024 before passing control to Angel Drainer in the same year. Despite these announcements, activity related to Inferno continued into 2025, leading to losses of over $9 million over six months.

The rapid growth of Vanilla amid the resilience of Inferno shows that drainer services rarely disappear: they adapt, rebrand, or pass their tools to new operators. For researchers, the challenge is to keep pace with an ecosystem that refuses to die.

