A blockchain investigator has been linked to at least $ 5.27 million in crypto stolen for three weeks in a rising scam service known as Vanilla Drainer.
The canals are creatures that provide scam software to scams, which are often paired with phishing tactics to access victims’ funds. Vanilla is part of a new generation of these groups and largely flew under the radar, but recent high amounts of theft have drawn attention from blockchain sleuths.
Draining scams sank in 2024, losing nearly $ 500 million in leading services, such as Angel, Inferno and Pink, according to Scam sniffer. Ddaining still occurs frequently, even though volumes have dropped due to new security technologies. However, blockchain investigator Darkbit warns that the canals are fitting.
“I see (Vanilla) taking a lot of inferno customers,” Darkbit told Cointelegraph. “Most large six and seven-figure drains of the latter can be attributed to the vanilla drainer.”
One victim lost $ 3 million in crypto in vanilla drainer
Earlier vanilla robbery could be monitored back in October 2024, but the most well -known public advertisement was posted on December 8, 2024, even though it was not accessible. The ad claimed the vanilla could miss Blockaid, a platform of discover Shutdown.
The service starts with a 20% cut of the proceeds scams for the canal provider, which is considered the standard split in the world of draining. According to Vanilla’s announcement, the percentage could go down for a larger haul.
Related: One year since Durov was arrested: What happened and what was the first?
The largest robbery associated with vanilla occurred on August 5, when a victim Lost $ 3.09 million in stablecoins. In this case, vanilla operators appear to have received a $ 463,000 fee for providing tools, or about 17% of stolen funds.
When the split is obtained, the vanilla usually converts tokens to the blockchain native cryptocurrency, such as the ether (Eth), before moving them to a final fee wallet (0x9D3 … E710D), where most of the scam fees are parked, according to Darkbit. Around $ 1.6 million in this purse has been converted to DAI (Dai), a decentralized stablecoin who has been in the US dollar that cannot be frozen like its centralized counterparts, USDT (USDT) or USDC (USDC). At the time of writing, the purse will be held by $ 2.23 million in tokens, mostly Dai and ETH.
Crypto drainers and phishing scams rebound
Many drainage closed as security tools slow down the drainage industry, but only -just, the canals have gained new tactics of themselves.
According to Darkbit, one method that Vanilla uses to stay in advance of the curve is to cycling through domains without remaining somewhere too long.
“I’m starting to see fresh malicious contracts created for every malicious website and domain to prevent radar stay,” Darkbit said.
Related: Crypto drainers retired as investigators begin to close
In July, phishing scams stole $ 7.09 million from the victims, an increase of 153% from June. The number of victims also increased by 56% to 9,143, according to scam sniffer data.
The largest single loss in July was $ 1.23 million. Blockchain metals show that the draining fees collected from this scam reached 54 ETH, worth $ 204,074 at that time. The fees were eventually transferred to the same suspected wallet fee linked to the $ 3.09-million incident in August.
The blockchain study also connects the vanilla drainer to two other six figures in July, bringing the canal’s responsibility to an estimated $ 2.19 million-more than 30% of the sum of the moon phishing.
Crypto drainers closed but don’t die
Between July 15 and August 5, the vanilla was used in at least four major scams worth $ 5.27 million, each resulting in six to seven-figure losses.
Vanilla quickly established himself in a backward but the corner of the crypto crime is still dangerous. Although the general drainage volume has slowed down since 2024, Vanilla has gained millions and attracts former Inferno users. Darkbit says its operators remain agile, cycling through domains and contracts to stay ahead of discovery.
History suggests that Even a public closure Rarely means the end. Inferno drainer, for example, announced its closure In November 2023, only to revive throughout 2024 before giving the operations to the Angel Drainer later that year. Despite those announcements, the activity associated with Inferno continued in 2025 and was tied to over $ 9 million in losses for six months.
The rapid growth of the vanilla next to the perseverance of Inferno shows that the canal services are rarely lost – they fit, rebrays or forwards their tools to new operators. For investigators, the challenge preserves an ecosystem that refuses to die.
Magazine: The Pink Drainer’s creator defends his purse draining the crypto scam kit
