Inferno Drainer crypto scam still a threat despite previous shutdown: Report

Singapore's Group-IB highlights the lingering threat of Inferno Drainer in crypto through users of the ‘scam-as-a-service’ dashboard.

Inferno Drainer's $80M crypto scam used 16,000 phishing domains: Report

Singaporean cybersecurity company Group-IB published a report today detailing how the ‘scam-as-a-service’ known as Inferno Drainer used 16,000 domains for phishing purposes and stole $80 million from crypto users since late March 2023.

Titled ‘Burnout: Inferno Drainer’s multimillion-dollar scam scheme detailed’, the study points out that Inferno Drainer’s threat still looms over the crypto market despite its shutdown in November 2023.

The first records of Inferno Drainer activity date back to November 2022. In just a year, it became one of the most proficient drainers in crypto. A ‘drainer’ is a service focused on stealing crypto using different means to trick victims, and Inferno specialized in phishing.

Inferno Drainer was shut down in November 2023 after its developers announced they were closing the operation. However, the threat persists as past users of this malware have potentially moved on to other schemes. In other words, there is still a risk that Inferno Drainer has not been fully eradicated, according to Group-IB’s analysts.

The report also highlights that the 16,000 unique domains used were part of an extensive phishing operation that mimicked more than 100 crypto brands.

Description of Inferno Drainer scheme. Image: Group-IB

Cybercriminals lured potential victims to phishing sites, expertly impersonating popular crypto brands and Web3 protocols like Seaport, WalletConnect, and Coinbase. These sites initiated fraudulent transactions by deceiving users into linking their accounts for supposed financial rewards.

Moreover, cybercriminals offered various lures such as exclusive airdrops and compensation for company disruptions, convincing users to connect their wallets to the attacker’s infrastructure.

The report also emphasizes the technical sophistication behind the Inferno Drainer operation. The criminals behind the scheme offered services for creating and hosting websites that posed as official crypto projects. These sites were spread through social media platforms like X (formerly Twitter) and Discord, and the operators received a part of the scam’s profit as payment.

Group-IB’s analysts warn that as the crypto ecosystem continues to evolve, so do the methods of cybercriminals. Although most of Inferno Drainer’s operations may have ceased, the threat of similar malware looms large, prompting a need for increased vigilance and improved security measures in the digital asset space.
