The latest in the crypto-cybersecurity landscape is the loss of around $6 million from about 5,000 people in a case of a phishing-as-a-service campaign by ‘Inferno Drainer.’ Read on to know everything about the incident.

In yet another cybersecurity breach, nearly 5,000 crypto investors have fallen victim to an audacious cryptocurrency phishing scam. The malicious actors have managed to steal a staggering $5.9 million worth of digital assets from 4,888 unsuspecting victims.

The daring cyber operation came to light following a comprehensive report released by Scam Sniffer, a reputed team of cybersecurity experts.

Inferno Drainer, a malicious phishing-as-a-service provider, is believed to be behind the cybercrime. The report reveals that Inferno Drainer has created a network of at least 689 fraudulent websites, which have been operational since March 27, 2023. However, most of these malicious sites were launched after May 14, 2023, which points to a significant rise in site-building activity after that date.

The scammers behind Inferno Drainer have strategically targeted 229 prominent brands. These include some respected names like MetaMask, Pepe, Bob, Collab.Land, OpenSea, LayerZero, and several others. By impersonating these reputable platforms, the threat actors exploited the trust of unsuspecting users seeking to engage in legitimate cryptocurrency transactions.


How the Crypto Phishing Scam Came to Light

The notorious cryptocurrency phishing and scam service came onto the radar of cybersecurity experts at Scam Sniffer after an Inferno Drainer member was found boasting about a $103,000 theft on Telegram. This revelation led Scam Sniffer to investigate further. Eventually, they uncovered the extensive operations of this malicious service.

Scam Sniffer, renowned for its expertise in tracking and exposing online scams, was able to link the screenshot shared on Telegram to an actual transaction in its database. Scam Sniffer identified Inferno Drainer’s fraudulent activities by cross-referencing the transaction hash with known malicious addresses in their repository.



Inferno Drainer is alleged to be behind several scams, including the multi-chain fraud exploiting the Aave token and Art Blocks and the MetaMask token approval incident. The adversaries provide their customers with a modern admin panel with customization options. The malicious group even offers a trial period for prospective buyers to assess its capabilities.


How Does Inferno Drainer Work with its Operators?

Malicious actors using the Inferno Drainer service pay a percentage of their proceeds to the platform. Initially, the service charges 20% of the profits generated by the operators. However, if the services involve the creation of phishing sites, the percentage increases to 30%.

Due to the high demand for their services, Inferno Drainer has imposed stringent requirements on potential clients. Only those deemed “good customers” or individuals who have demonstrated the potential to generate substantial profits are eligible to access their malicious resources.

The discovery of Inferno Drainer’s operations sheds light on the sophisticated and organized nature of modern cybercrime. Their ability to adapt and exploit vulnerabilities across various blockchain networks shows a level of technical proficiency among its members that raises concern.


How Hard Did the Scam Hit the Victims?

Active since February 2023, Inferno Drainer intensified its fraudulent activities in mid-April, leading to substantial losses for unsuspecting victims. Here is a closer look into the intensity of the losses.



The investigators revealed that Inferno Drainer managed to siphon off $5.9 million in various cryptocurrencies. Approximately $4.3 million, constituting most of the stolen funds, was extracted from the Mainnet. Additional losses included $790,000 from Arbitrum, $410,000 from Polygon, and $390,000 from Binance Smart Chain (BNB).

During their investigation, Scam Sniffer identified one of the most prominent victims, who lost digital assets worth $400,000. The victim attempted to negotiate with the attackers, offering to let them keep 50% of the stolen amount and to drop any legal action against them if they returned the remainder.

Unfortunately, the perpetrators disregarded the victim’s pleas and continued their illicit activities.

Scam Sniffer also disclosed that the threat actors behind Inferno Drainer used five cryptocurrency addresses to distribute the funds collected from attack fees. Currently, these addresses hold between 250 and 400 ETH. That implies that the malicious actors are actively laundering the stolen assets and moving them through the cryptocurrency ecosystem.

Law enforcement agencies and cybersecurity firms are collaborating to bring the culprits to justice.


What Should Crypto Investors Do?

The incident exposes the need for vigilance and caution in the dynamic and rapidly evolving world of cryptocurrencies.

Cybersecurity experts strongly advise cryptocurrency investors and enthusiasts to be wary while handling digital assets. Investors need to implement robust phishing protection in addition to measures such as enabling 2FA, scrutinizing URLs for authenticity, and using hardware wallets. This way, users reduce their exposure to phishing attacks.
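
The URL scrutiny advised above can be partly automated. The following is an added example, not code from Scam Sniffer or from the original article: it flags hostnames that borrow or misspell a brand name without belonging to that brand's domain. The OFFICIAL allowlist, the classify and edit_distance helpers, and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist (verify each entry yourself): brand keyword -> official domain.
OFFICIAL = {"metamask": "metamask.io", "opensea": "opensea.io"}


def edit_distance(a, b):
    """Levenshtein distance; small values indicate a typosquatted brand name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, brand): verdict is 'official', 'lookalike' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Punycode labels can render as look-alike Unicode characters in the address bar.
    if any(label.startswith("xn--") for label in labels):
        return ("lookalike", None)
    for brand, domain in OFFICIAL.items():
        if host == domain or host.endswith("." + domain):
            return ("official", brand)
    for brand in OFFICIAL:
        for label in labels:
            parts = label.split("-")
            near = any(len(p) >= 5 and edit_distance(p, brand) <= 2 for p in parts)
            # Brand name used as a subdomain, a hyphenated prefix, or misspelled.
            if brand in label or near:
                return ("lookalike", brand)
    return ("unknown", None)


# Constructed sample URLs; the .example hosts are placeholders, not real sites.
SAMPLES = [
    "https://metamask.io/download",
    "https://metamask-claim.example/",
    "https://metamask.io.airdrop.example/login",
    "https://opensae.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url), url)
```

A "lookalike" verdict is a reason to stop and check the address by hand before connecting a wallet; an "unknown" verdict says nothing about whether the site is safe.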


The Inferno Drainer incident is a stark reminder of the increasing sophistication with which threat actors carry out their attacks. As cryptocurrencies continue to gain popularity, investors need to put adequate defense mechanisms in place and remain vigilant about the security of their digital assets.

Whether law enforcement agencies and cybersecurity firms can collaborate successfully to dismantle cyber adversaries’ organized and malicious infrastructure remains to be seen.