
Burnout: Inferno Drainer’s Multimillion-Dollar Scam Scheme Detailed

Author: Viacheslav Shevchenko - Group-IB

Despite being shut down in November 2023, users of the dangerous scam-as-a-service platform Inferno Drainer continue to be a threat as they search for alternative opportunities.

This blog post details the case of Inferno Drainer, a well-known scam-as-a-service phishing operation. Following a broad operation that targeted cryptocurrency wallet providers and caused enormous financial harm, the drainer's developers declared on their Telegram channel in November 2023 that the malware was permanently shutting down.

Key findings

  • Inferno Drainer was a prominent multichain crypto drainer that operated under the scam-as-a-service model and was active from November 2022 to November 2023.
  • Victims were tricked on sophisticated phishing websites into connecting their cryptocurrency wallets with the attackers’ infrastructure.
  • Group-IB detected more than 16,000 unique domains linked to Inferno Drainer’s phishing operations, with at least 100 individual crypto brands impersonated.
  • Inferno Drainer contained malicious scripts that spoofed popular Web3 protocols for the purpose of connecting cryptocurrency wallets and gaining the user’s consent to authorize a transaction.
  • Once the victim connects their crypto wallet and authorizes a transaction they believe will be to collect an airdrop
  • Under the scam-as-a-service framework, 20% of stolen assets were transferred to Inferno Drainer’s organizers, with the cybercriminal using the drainer keeping the remaining 80%.
  • Inferno Drainer’s developers announced that the scheme was shuttering operations in November 2023. However, Group-IB found that the user panel for cybercriminals was still active as of the middle of January 2024.


Photo: Istock.com/Traitov