Key Takeaways
- Inferno Drainer’s Sophistication: Inferno Drainer, a scam-as-a-service malware, demonstrated an exceptional level of sophistication in its operation. Its developers offered cybercriminals a user-friendly platform with customization options and real-time statistics on stolen assets, making it a potent tool in the arsenal of digital criminals.
- Deceptive Bait and Social Media Promotion: Inferno Drainer attracted victims by offering tempting bait, such as promises of free tokens, NFT minting opportunities, and compensation for cybercrime-induced disruptions. It aggressively promoted its phishing pages on social media platforms, leveraging the trust and curiosity of potential victims.
- Web3 Protocol Spoofing: What set Inferno Drainer apart was its ability to impersonate popular Web3 protocols used for secure digital asset trading. This allowed it to connect with self-custody crypto wallets, tricking victims into authorizing malicious transactions. The use of malicious JavaScript code added an extra layer of deception.
- Ongoing Vigilance is Crucial: Even though Inferno Drainer was shut down in November 2023, its prominence throughout the year underscores the persistent threat of crypto scams. Group-IB’s warning emphasizes the importance of vigilance among cryptocurrency holders, urging them to verify the legitimacy of websites and promptly report suspicious activities to law enforcement agencies to combat cybercrime effectively.
In a shocking revelation, cybersecurity firm Group-IB has shed light on the dark underbelly of the digital world, exposing a sophisticated and highly profitable scam-as-a-service operation that wreaked havoc in the cryptocurrency space throughout 2023. Inferno Drainer, as it came to be known, emerged as a formidable adversary in the battle against cybercrime, leaving a trail of more than USD $80 million in stolen digital assets in its wake.
The Genesis of Inferno Drainer
Inferno Drainer, officially known as Inferno Multichain Drainer, burst onto the scene in November 2022, when its developers unveiled their malicious creation on a Telegram channel. This nefarious piece of software was offered for hire to cybercriminals as part of the Scam-as-a-Service model, providing them with the tools to plunder unsuspecting victims’ cryptocurrency wallets and authorize transactions in the blink of an eye.
A Scam-as-a-Service Model
The developers of Inferno Drainer operated a customer panel that allowed cybercriminals to customize the features of the malware and provided key statistics on their ill-gotten gains. In a brazen business model, the developers charged a flat rate of 20% of stolen assets, with the remaining 80% going to the users. Those wishing to utilize the Drainer could either upload it to their own phishing sites or make use of the developers’ service to create and host their own phishing websites. In some instances, this service was provided free of charge, while in others, the administrators demanded a 30% cut of the stolen assets.
One of the key features of Inferno Drainer was its ability to impersonate over 100 cryptocurrency brands on more than 16,000 unique domains, making it a formidable threat to anyone operating in the crypto space. Group-IB said that it notified the affected brands about the malicious use of their names and imagery in line with its zero-tolerance policy towards cybercrime.
The Deceptive Bait
Inferno Drainer’s phishing pages, promoted on social media platforms like X (formerly Twitter) and Discord, dangled irresistible bait in front of potential victims. Promises of free tokens through airdrops, opportunities to mint NFTs, and compensation for cybercrime-induced outages lured unsuspecting users into the malicious web. Once lured in, victims were prompted to connect their wallets, unwittingly advancing the scam to the next stage.
Web3 Protocol Spoofing
What set Inferno Drainer apart from other scams was its ability to spoof popular Web3 protocols, designed to facilitate secure and efficient trading of digital assets. Malicious JavaScript code masquerading as well-known Web3 protocols like Seaport, WalletConnect, and Coinbase was embedded in phishing websites, initiating malicious transactions. Some sites even contained multiple scripts impersonating various Web3 protocols, all accessible to scammers through GitHub repositories or separate ZIP files hosted on file sharing sites.
The Fallout and Group-IB’s Warning
Despite its audacious operations, Inferno Drainer’s reign of terror came to an end in November 2023 following an announcement of shutdown. However, the damage had already been done, with over $80 million in digital assets stolen, making it the crypto drainer of 2023.
Andrey Kolmakov, Head of Group-IB’s High-Tech Crime Investigation Department, highlighted the increasing sophistication of phishing attacks, leaving cryptocurrency holders increasingly vulnerable. Kolmakov urged vigilance among cryptocurrency holders, cautioning against falling for websites promoting free digital assets or airdrops.
Group-IB’s Recommendations
Group-IB’s investigation into Inferno Drainer concludes with a set of recommendations to protect digital asset holders. They advise trusting only legitimate websites like those listed on CoinMarketCap for transactions. Additionally, victims of cryptocurrency crime are urged to save the phishing URL, any related data, and share this information with local law enforcement agencies in a bid to bring these cyber evildoers to justice.
In the ever-evolving landscape of cybersecurity threats, Inferno Drainer serves as a stark reminder of the dangers lurking in the digital world. As cybercriminals continue to devise increasingly sophisticated schemes, the responsibility falls on individuals and organizations to stay vigilant and take the necessary steps to safeguard their digital assets.
Read Also: Crypto Industry Loses Over $1.3B YTD in Hacks and Frauds, Immunefi Report Reveals
