Skip to main content
Sign in

Lucifer Drainer

avoid.net/lucifer-drainer0/100·82% conf.
[AI-DRAFTED · AWAITING VERIFICATION]
anchored·5wysEF…Ac5c

Summary

Lucifer Drainer is a criminal drainer-as-a-service (DaaS) platform that industrializes cryptocurrency wallet theft through a structured affiliate model. Active since at least early 2025, it operates by providing affiliates with phishing kits, automated site-cloning tools, and commission-split infrastructure (operators retain 20% per successful drain) while affiliates supply phishing traffic. Despite Telegram bot bans in August 2025 and documentation domain suspension in November 2025, the operation migrated to IPFS and remained active as of May 2026, making it one of the most operationally resilient drainer platforms in the current threat landscape.

Connected Entities

1 entities · 10 linked investigations
Organizations
Lucifer Drainer
Relationships
    Also appears in
    edgeX Exchange·28Alephium Bridge·18Bunni Protocol·28BitGrail·2Trenton Johnston·0Thorchain DEX·14Orca·80KuCoin Exchange Hack·32Zircon Gamma·32CryptoZoo·8
    Have evidence about Lucifer Drainer?

    Timeline(10 events)

    2023-11-01

    Inferno Drainer announces shutdown after claiming over $80 million in total theft; later found to have continued operations covertly.

    Inferno Drainer Shuts Down After Heist of Over $80M — CryptoNews

    2024-05-17

    Pink Drainer ceases operations after stealing approximately $85 million from over 21,000 victims.

    Pink Drainer Shuts Down After Stealing $85 Million in Crypto — BeInCrypto

    2024-07-17

    Angel Drainer suspends operations after cybersecurity firm Match Systems claims to have de-anonymized its developers.

    Angel Drainer App Shuts Down After Developer Identification — CryptoTimes

    2024-10-19

    Inferno Drainer announces it has transferred its platform and code to the Angel Drainer team, consolidating two of the largest DaaS operations.

    Angel Drainer Absorbs Inferno's Toolkit — CryptoRank

    2025-01-01

    Flare researchers begin collecting and analyzing approximately 700 underground posts from forums, chats, and channels related to Lucifer DaaS; research period spans January 2025 through early 2026.

    Inside a Crypto Drainer — Bleeping Computer

    2025-03-01

    Lucifer Drainer announces version 6.6.6 featuring ERC-20 support, Permit2 abuse, off-chain signatures, Telegram notifications, wallet-security bypasses, and multichain deployment.

    Inside a Crypto Drainer — Bleeping Computer

    2025-05-01

    Lucifer Drainer operators publicly restate the commission-only model: 'We do not sell or lease the software and only split 20% per hit.'

    Inside a Crypto Drainer — Bleeping Computer

    2025-08-01

    Telegram bans Lucifer Drainer bots. Operators instruct affiliates via channel to create new bots and grant them admin privileges, maintaining continuity.

    Inside a Crypto Drainer — Bleeping Computer

    2025-11-01

    Documentation domain hosted on Google Firebase suspended following security research exposure. Lucifer Drainer migrates documentation to IPFS, citing decentralization as a takedown-resistance strategy.

    Inside a Crypto Drainer — Bleeping Computer

    2026-05-21

    Bleeping Computer publishes deep-dive on Lucifer Drainer's internal operations, confirming the platform remains live and actively recruiting affiliates as of May 2026.

    Inside a Crypto Drainer — Bleeping Computer
    Provenance & Audit Trail
    Anchored on SolanaVerify on-chain

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 6/2/2026, 8:04:13 PM

    last updated: 6/3/2026, 3:33:59 AM

    avoid.net — verified advice for a post-truth world