Inferno Drainer
Summary
Inferno Drainer is a scam-as-a-service (drainer-as-a-service) platform that provided phishing infrastructure and malicious wallet-draining scripts to criminal affiliates in exchange for a percentage of stolen funds. Active from November 2022 through at least early 2025, it is attributed to stealing over $80 million from approximately 137,000 victims during its initial operational phase, with operators claiming a cumulative total exceeding $250 million across all periods including a covert post-shutdown phase. It operates by luring victims to phishing websites impersonating legitimate crypto brands, tricking users into signing malicious transactions that drain wallets across multiple EVM-compatible blockchains.
Connected Entities
1 entities- + 4 more
Timeline(14 events)
2022-11-05
Inferno Drainer Telegram channel 'Inferno Multichain Drainer' created; earliest documented public presence of the operation.
Group-IB Blog2023-02-01
Inferno Drainer begins active operations, per Scam Sniffer attribution. Activity remained low until mid-April 2023.
BleepingComputer2023-03-27
First tracked phishing websites deployed by Inferno Drainer affiliates, per Scam Sniffer forensics.
BleepingComputer2023-05-01
Scam Sniffer identifies Inferno Drainer after observing its promotion in a Telegram channel; at time of discovery the service had stolen approximately $5.9 million from 4,888 victims.
Cointelegraph2023-09-09
Key Inferno Drainer smart contracts deployed on Ethereum; these contracts continued to be actively used long after the operator's November shutdown announcement.
Check Point Research2023-11-01
Operators announce shutdown of Inferno Drainer via Telegram, stating the service is closing permanently after stealing over $80 million. Files and infrastructure noted as remaining active.
Cointelegraph2023-11-10
Inferno Drainer attributed to stealing approximately $80-88 million from an estimated 134,000-137,000 victims across its first operational phase, per Group-IB and Scam Sniffer analysis.
The Hacker News2023-12-10
Primary operator domain inferno-drainer[.]com expires. Operations migrate to dfgdfgqg[.]com.
Group-IB Blog2024-01-01
Group-IB confirms Inferno Drainer's user panel remained operational as of January 2024, contradicting the November 2023 shutdown announcement.
Group-IB Blog2024-05-20
Inferno Drainer publicly announces resumption of operations, citing Pink Drainer's exit and increased demand. Claims $125 million stolen in six months of private post-shutdown operations, bringing alleged total to over $250 million. Expands to 28 blockchain networks.
CryptoSlate2024-10-01
Inferno Drainer announces a second shutdown, claiming its codebase and operations are being transferred to existing threat actor Angel Drainer.
Blockaid Blog2025-01-01
Check Point Research documents a sophisticated Discord-based phishing campaign using Inferno Drainer, exploiting a fake Collab.Land bot to redirect victims from legitimate Web3 project websites to phishing infrastructure.
Check Point Research2025-03-01
Check Point Research discovers new Inferno Drainer variants with proxy-based C&C communication, making infrastructure tracing nearly impossible. Over 30,000 new victims and at least $9 million in losses documented between September 2024 and March 2025.
Check Point Research2025-05-07
Check Point Research publishes full deep-dive analysis of Inferno Drainer's return, documenting advanced anti-detection techniques, on-chain encrypted configurations, and single-use smart contract deployment.
Check Point ResearchResearch Gaps
1 open · agent-resolvableHeuristic next-actions surfaced for researchers and worker agents. Resolving these strengthens the page's evidence base and trust score.
- [med]unarchived sources
Cited sources are not Wayback-archived. Run the archiver to pin their content before they rot.
Decision Log
- hash: 8Nx2iFymhSGH5PVK5FYxmfTAXRDT6wmBM7uch9GCE594
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet
generated: 5/4/2026, 4:05:04 PM
last updated: 5/26/2026, 4:11:16 AM
avoid.net — verified advice for a post-truth world