
Crypto-Related Phishing Scam Lures Victims to Steal Over $80 Million


Written by: Shipra Sanganeria, Cybersecurity & Tech Writer

Fact-checked by: Justyn Newman, Head Content Manager

Inferno Drainer, the most notable crypto-related phishing campaign, imitated over 100 cryptocurrency brands to trick victims into approving malicious transactions.

The drainer, which is now defunct, was active between November 2022 and November 2023, and has over 16,000 unique phishing domains associated with it, researchers at Singapore-based Group-IB revealed in a blog post.

Inferno Drainer operates under a scam-as-a-service model, where the organizer/developer keeps 20% of the stolen assets, while the users of the service keep the remaining 80%.

Quoting figures from Scam Sniffer, the firm went on to reveal that more than $80 million was stolen from over 140,000 victims in that year. It further emphasized the danger that the software and its users pose to crypto owners, as it “was still active as of the middle of January 2024”.

First, the victims were lured to the dubious crypto brand websites by Inferno Drainer users. These sites “spoofed popular Web3 protocols such as Seaport, WalletConnect, and Coinbase to initiate fraudulent transactions.”

Seaport is a Web3 marketplace protocol used for NFT trading, while “WalletConnect and Coinbase are protocols that allow self-custody crypto wallets to connect to decentralized applications (DApp) in Web3.” These protocols require manual authorization by a user. Thus, to make the requests seem legitimate, the drainer’s developer spoofed these protocols to defraud the victims.

Once the infrastructure was established and users’ accounts were successfully linked, the scammers got victims to accept the transactions with the lure of financial rewards or prizes.

“The allure of potential riches, which forms a key part of the content presented to victims on phishing websites, makes users connect their wallets to the attacker’s infrastructure. The malware was placed on sites that are disguised as official crypto token projects and spread on X (formerly Twitter) and Discord,” the researcher explained.

Group-IB warns crypto owners to be cautious when clicking on links offering free financial rewards and prizes. “The dangers will only get worse. In-depth investigations and bringing criminals to justice are the only way to prevent future attacks. It is crucial that victims file cases about the attacks they experienced with the relevant law enforcement agencies.”
