Verify a decision

{"actor":"system:backfill","investigation_id":"72a34a8b-805c-4346-bba7-c70433a66561","kind":"publish","page_slug":"inferno-drainer","published_at":"2026-05-19T16:03:17.313Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Inferno Drainer","sections":[{"content":"Inferno Drainer is a drainer-as-a-service (DaaS) platform that provides criminal affiliates with phishing website infrastructure, malicious JavaScript drainer scripts, and an administrative panel in exchange for a cut of stolen proceeds. The operation was first identified by blockchain security firm Scam Sniffer in May 2023 after a member promoted the service in a Telegram channel. Its Telegram channel, 'Inferno Multichain Drainer,' was created on or around November 5, 2022. Affiliates (customers) retained 80% of each theft, with 20% remitted to the operators. Customers who also required the operators to build and host phishing websites paid a higher 30% commission instead. The platform marketed itself as a multichain solution targeting Ethereum, Arbitrum, Polygon, BNB Chain, and eventually 28 blockchain networks. An administrative panel provided affiliates with customization options including targeting logic that only initiated draining if a victim's wallet held more than $100 in assets.","heading":"Overview and Operational Model","severity":"critical","sources":[{"credibility":1,"name":"Crypto phishing service Inferno Drainer defrauds thousands of victims","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/crypto-phishing-service-inferno-drainer-defrauds-thousands-of-victims/"},{"credibility":2,"name":"Inferno Drainer Scam: Crypto Wallet Draining Malware Explained - Group-IB","type":"research","url":"https://www.group-ib.com/blog/inferno-drainer/"},{"credibility":2,"name":"What Is Inferno Drainer? New Phishing Scam Pilfering Crypto, NFTs - Decrypt","type":"news_article","url":"https://decrypt.co/140877/inferno-drainer-scam-scammer-phishing-crypto-nfts"}]},{"content":"Inferno Drainer built and distributed phishing sites impersonating over 100 (and in some accounts up to 229) popular cryptocurrency brands, including MetaMask, OpenSea, Coinbase, Pepe, and art platforms such as Art Blocks. Group-IB's Threat Intelligence platform identified more than 16,000 unique domains linked to the operation. Within those domains, more than 14,000 websites contained scripts spoofing the Seaport NFT trading protocol, over 5,500 spoofed WalletConnect, and over 550 impersonated Coinbase's wallet protocol. Victims were typically reached through social media platforms including X (formerly Twitter), Telegram, and Discord, often with promises of free token airdrops or NFT minting rewards. Once on a phishing site, users were prompted to connect their wallet via a QR code or browser extension. The malicious scripts then identified the most valuable transferable assets in the wallet and initialized a fraudulent transaction, which the victim was socially engineered into confirming. The malware used JavaScript files named seaport.js, wallet-connect.js, and coinbase.js embedded in phishing pages. Cloudflare was used to mask actual server addresses. Starting with later variants, smart contracts were used to increase efficiency; the operation adopted multicall techniques for batch asset transfers.","heading":"Phishing Infrastructure and Attack Methodology","severity":"critical","sources":[{"credibility":2,"name":"Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine","type":"news_article","url":"https://www.infosecurity-magazine.com/news/inferno-drainer-spoofs-100-crypto/"},{"credibility":2,"name":"Inferno Drainer Scam: Crypto Wallet Draining Malware Explained - Group-IB","type":"research","url":"https://www.group-ib.com/blog/inferno-drainer/"},{"credibility":2,"name":"Multichain Inferno Drainer Abuses Web3 Protocols - GBHackers","type":"news_article","url":"https://gbhackers.com/multichain-abuse-web3-protocols/"},{"credibility":1,"name":"How a 'crypto drainer' tricked people into handing over $80 million - The Record","type":"news_article","url":"https://therecord.media/inferno-drainer-cryptocurrency-scam-spoofing-blockchain-projects"}]},{"content":"During its initial public phase from approximately November 2022 through November 2023, blockchain security firm Scam Sniffer and Group-IB attributed roughly $80-88 million in stolen assets to Inferno Drainer, with an estimated 134,000 to 137,000 victims. Early reporting from May 2023, when the service was first disclosed, documented $5.9 million stolen from 4,888 victims across at least 689 fake websites launched since March 27, 2023. One documented individual victim lost approximately $400,000 in a single incident and attempted negotiating with the attackers, offering to return 50% of funds in exchange for no prosecution; the perpetrators did not respond. Stolen funds were distributed across multiple cryptocurrency addresses. One analysis noted five addresses holding between 250 and 400 ETH each. Blockchain security firm MistTrack tracked a portion of stolen funds consolidating to address 0x344...12ac3, which MistTrack alleged is associated with Inferno Drainer operators. MistTrack further traced approximately $767,610 in Wrapped Ether routed through DeFi platform CoW Protocol to address 0x87B...A53d92 as USDT. After the November 2023 shutdown announcement, operators claimed they had conducted an additional six months of private operations, allegedly draining a further $125 million, bringing their self-reported cumulative total to over $250 million. These self-reported figures have not been independently verified and may represent promotional inflation.","heading":"Scale of Theft and Victim Impact","severity":"critical","sources":[{"credibility":2,"name":"Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims - The Hacker News","type":"news_article","url":"https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html"},{"credibility":2,"name":"Inferno Drainer Winds Down Operations After Stealing $71 Million - CryptoPotato","type":"news_article","url":"https://cryptopotato.com/inferno-drainer-winds-down-operations-after-stealing-71-million/"},{"credibility":2,"name":"Inferno Drainer resumes operations, claims $250 million stolen - CryptoSlate","type":"news_article","url":"https://cryptoslate.com/inferno-drainer-resumes-operations-claims-250-million-stolen-from-crypto-users/"},{"credibility":2,"name":"The Demise Of Inferno Drainer: Accomplice In $70 Million Fraud Uncovered - Bitcoinist","type":"news_article","url":"https://bitcoinist.com/inferno-drainer-accomplice-in-70m-fraud/"}]},{"content":"In November 2023, the operators of Inferno Drainer announced through their Telegram channel that they were shutting down permanently. Despite this, Group-IB noted that the administrative panel remained operational as late as January 2024, and smart contracts deployed as far back as September 9, 2023, continued to be actively used. In May 2024, crypto security researcher Plumferno and Scam Sniffer identified a public announcement from Inferno Drainer resuming public operations, citing 'increased demand and the exit of competitors,' specifically referencing Pink Drainer's shutdown. The relaunched service expanded its capabilities to support 28 blockchain networks and added support for lending, staking, and yield farming protocol interactions. In October 2024, the group announced another shutdown and claimed its operations and codebase were being transferred to Angel Drainer, an existing threat actor. Despite this announcement, Check Point Research published findings in May 2025 confirming that Inferno Drainer had remained operational and had compromised over 30,000 new unique wallet addresses between September 2024 and March 2025, resulting in at least $9 million in additional losses during that six-month window alone.","heading":"Shutdown, Relaunch, and Continuity","severity":"critical","sources":[{"credibility":2,"name":"Inferno Drainer Shuts Down after Heist of Over $80M - Coinspeaker","type":"news_article","url":"https://www.coinspeaker.com/inferno-drainer-shuts-down-80m/"},{"credibility":2,"name":"Inferno Drainer resumes operations, claims $250 million stolen - CryptoSlate","type":"news_article","url":"https://cryptoslate.com/inferno-drainer-resumes-operations-claims-250-million-stolen-from-crypto-users/"},{"credibility":2,"name":"Pink Drainer Out, Inferno Drainer Back - Nefture Security / Coinmonks","type":"research","url":"https://medium.com/coinmonks/pink-drainer-out-inferno-drainer-back-new-shift-in-the-crypto-wallet-drainer-industry-6915c270bb68"},{"credibility":1,"name":"Return of the Crypto Inferno Drainer - Check Point Research","type":"research","url":"https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/"},{"credibility":2,"name":"Inferno Drainer Malware Returns, Stealing $9M from Crypto Wallets in Six Months - Decrypt","type":"news_article","url":"https://decrypt.co/318561/inferno-drainer-malware-returns-stealing-9m-from-crypto-wallets-in-six-months"}]},{"content":"Check Point Research's May 2025 deep-dive analysis documented significant technical sophistication in later Inferno Drainer variants. The operation adopted single-use, short-lived smart contracts to avoid wallet security blacklists. A key technique involved pre-calculating the future Ethereum address of a smart contract using the network's deterministic address generation (CREATE2 opcode), allowing the drainer to direct token transfers to a contract address before that contract was actually deployed on-chain, making tracing and preemptive blocking substantially harder. Command-and-control (C&C) server addresses were not hardcoded but instead retrieved from on-chain encrypted configurations stored in blockchain smart contracts, using four-layer AES encryption for communication. In March 2025 variants, communication with command servers was fully offloaded to proxy servers operated by individual customers, removing any centralized Inferno infrastructure from the traffic path. The operation used Cloudflare Workers ('workers.dev' domains) for its infrastructure. JavaScript payloads were obfuscated and customized per customer, ranging from 5 to 10 megabytes per script. Cashout addresses rotated on a monthly to bi-monthly basis. Key smart contract addresses identified by Check Point Research include the receiver/accumulation contract at 0x000037bB05B2CeF17c6469f4BcDb198826Ce0000 and a BSC configuration storage contract at 0x158862Ec60B7934f1333e53AC1e148811A2E3BeB. A documented January 2025 attack involved Discord: attackers redirected victims from a legitimate Web3 project's website to a phishing server impersonating the Collab.Land bot verification service, using Discord's OAuth2 flow to harvest approvals. The largest single documented theft in the 2024-2025 phase involved 107.8 billion PEPE tokens, valued at approximately $761,068 to $1.2 million at time of theft.","heading":"Technical Evolution and Anti-Detection Evasion (2024-2025)","severity":"critical","sources":[{"credibility":1,"name":"Return of the Crypto Inferno Drainer - Check Point Research","type":"research","url":"https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/"},{"credibility":2,"name":"Inferno Drainer Resurrects, Compromises 30,000 Wallets - FullyCrypto","type":"news_article","url":"https://fullycrypto.com/inferno-drainer-resurrects-compromises-30000-wallets"},{"credibility":2,"name":"Inferno Drainer Returns, Stealing Millions from Crypto Wallets - Infosecurity Magazine","type":"news_article","url":"https://www.infosecurity-magazine.com/news/inferno-drainer-returns-stealing/"}]},{"content":"On-chain investigators including ZachXBT and security firms including MistTrack and Scam Sniffer have contributed to tracing Inferno Drainer fund flows. In at least one documented incident, ZachXBT assisted in burning (destroying) a portion of stolen tokens; however, another tranche of stolen assets was consolidated and routed to address 0x344...12ac3, which MistTrack alleged is under Inferno Drainer operator control. MistTrack tracked approximately $767,610 in Wrapped Ether from that address through CoW Protocol DeFi infrastructure, ultimately received at address 0x87B...A53d92 as Tether USDT. Blockaid's proprietary dApp scanning and transaction simulation contributed to protecting wallets and was credited by Blockaid with helping disrupt Inferno Drainer's operations. Scam Sniffer maintained ongoing monitoring of phishing site surges correlated with Inferno Drainer announcements and relaunch events. The collaborative tracking by MistTrack, Scam Sniffer, and SEAL 911 contributed to blacklisting illicit addresses across wallets and security tools. In a separate incident, an attempted laundering of approximately $530,000 in ETH through privacy protocol Railgun was reportedly thwarted. Cointelegraph reported that increasing investigator pressure was contributing to drainer operations shutting down or going underground.","heading":"Blockchain Forensics and On-Chain Attribution","severity":"high","sources":[{"credibility":2,"name":"The Demise Of Inferno Drainer: Accomplice In $70 Million Fraud Uncovered - CryptoRank","type":"on_chain","url":"https://cryptorank.io/news/feed/70639-inferno-drainer-accomplice-in-70m-fraud"},{"credibility":2,"name":"Putting Inferno Drainer Group Out of Business - Blockaid Blog","type":"research","url":"https://www.blockaid.io/blog/putting-inferno-drainer-group-out-of-business"},{"credibility":1,"name":"Crypto drainers are retiring as investigators start to close in - Cointelegraph","type":"news_article","url":"https://cointelegraph.com/news/crypto-drainers-investigators-hacks-defi"},{"credibility":3,"name":"Inferno Drainer's $530K ETH Laundering Bid Thwarted by Railgun","type":"on_chain","url":"https://medium.com/@block.insider/inferno-drainers-530k-eth-laundering-bid-thwarted-by-railgun-f73783710f07"}]},{"content":"Inferno Drainer was the dominant wallet drainer service of 2023, accounting for the majority of the approximately $295.5 million stolen across the wallet drainer industry that year, per Scam Sniffer's annual report. In 2024, wallet drainer malware industry-wide stole an estimated $494-500 million from victims, with Inferno Drainer remaining a significant contributor even during its alleged shutdown period. The drainer-as-a-service model pioneered and popularized by services like Inferno Drainer involves a clear division of labor: developers maintain the core malware, C&C infrastructure, and administrative tooling, while criminal affiliates supply their own phishing distribution channels and victim acquisition. This model lowers the technical barrier for crypto theft and enables rapid scaling. After Inferno Drainer's 2023 shutdown, competitors including Pink Drainer and Vanilla Drainer emerged to fill the gap; Pink Drainer itself shut down in mid-2024, which Inferno Drainer cited as a reason for resuming public operations. The October 2024 transfer of Inferno Drainer's codebase to Angel Drainer illustrates how drainer operations persist through handoffs even when branded services announce closures.","heading":"Drainer-as-a-Service Industry Context","severity":"high","sources":[{"credibility":2,"name":"Scam Sniffer 2023: Crypto Phishing Scams Drain $300 Million from 320,000 Users","type":"research","url":"https://drops.scamsniffer.io/scam-sniffer-2023-crypto-phishing-scams-drain-300-million-from-320000-users/"},{"credibility":1,"name":"Crypto phishing attacks drained nearly $300 million in 2023: Scam Sniffer - The Block","type":"news_article","url":"https://www.theblock.co/post/270105/crypto-phishing-attacks-2023"},{"credibility":1,"name":"Cryptocurrency wallet drainers stole $494 million in 2024 - BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainers-stole-494-million-in-2024/"},{"credibility":2,"name":"Crypto-Seeking Drainer Scam-as-a-Service Operations Thrive - BankInfoSecurity","type":"news_article","url":"https://www.bankinfosecurity.com/crypto-seeking-drainer-scam-as-a-service-operations-thrive-a-24107"},{"credibility":1,"name":"Inferno Drainer usage triples as crypto scams soar in 2024 - Cointelegraph","type":"news_article","url":"https://cointelegraph.com/news/inferno-drainer-dapp-surge-crypto-scam-trends"}]},{"content":"The primary Telegram contact for Inferno Drainer was the handle @Mr_inferno_Drainer (Telegram user ID 5600090206). The main operator panel was hosted at inferno-drainer[.]com, which expired on December 10, 2023; operations subsequently migrated to dfgdfgqg[.]com. The service was hosted via Hostinger with domains registered through Tucows Inc. Key on-chain identifiers documented by Check Point Research include the receiver/accumulation smart contract at Ethereum address 0x000037bB05B2CeF17c6469f4BcDb198826Ce0000, a BSC-chain configuration storage contract at 0x158862Ec60B7934f1333e53AC1e148811A2E3BeB, and a suspected operator-controlled consolidation address at 0x344...12ac3 (MistTrack attribution). The operation deployed over 500 variants of fake token contracts on Ethereum alone. Phishing infrastructure used Cloudflare Workers ('workers.dev' domains) to obscure backend servers.","heading":"Known Infrastructure and Identifiers","severity":"high","sources":[{"credibility":2,"name":"Inferno Drainer Scam: Crypto Wallet Draining Malware Explained - Group-IB","type":"research","url":"https://www.group-ib.com/blog/inferno-drainer/"},{"credibility":1,"name":"Return of the Crypto Inferno Drainer - Check Point Research","type":"research","url":"https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/"},{"credibility":2,"name":"The Demise Of Inferno Drainer: Accomplice In $70 Million Fraud Uncovered - CryptoRank","type":"on_chain","url":"https://cryptorank.io/news/feed/70639-inferno-drainer-accomplice-in-70m-fraud"}]}],"sources_used":[{"credibility":1,"name":"Crypto phishing service Inferno Drainer defrauds thousands of victims - BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/crypto-phishing-service-inferno-drainer-defrauds-thousands-of-victims/"},{"credibility":2,"name":"Inferno Drainer Scam: Crypto Wallet Draining Malware Explained - Group-IB","type":"research","url":"https://www.group-ib.com/blog/inferno-drainer/"},{"credibility":1,"name":"Return of the Crypto Inferno Drainer - Check Point Research","type":"research","url":"https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/"},{"credibility":2,"name":"Inferno Drainer Spoofs Over 100 Crypto Brands to Steal $80m+ - Infosecurity Magazine","type":"news_article","url":"https://www.infosecurity-magazine.com/news/inferno-drainer-spoofs-100-crypto/"},{"credibility":2,"name":"Inferno Malware Masqueraded as Coinbase, Drained $87 Million from 137,000 Victims - The Hacker News","type":"news_article","url":"https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html"},{"credibility":2,"name":"Inferno Drainer resumes operations, claims $250 million stolen - CryptoSlate","type":"news_article","url":"https://cryptoslate.com/inferno-drainer-resumes-operations-claims-250-million-stolen-from-crypto-users/"},{"credibility":2,"name":"What Is Inferno Drainer? New Phishing Scam Pilfering Crypto, NFTs - Decrypt","type":"news_article","url":"https://decrypt.co/140877/inferno-drainer-scam-scammer-phishing-crypto-nfts"},{"credibility":1,"name":"Inferno Drainer says it's shutting down after helping steal $70M in crypto - Cointelegraph","type":"news_article","url":"https://cointelegraph.com/news/inferno-drainer-shut-down-after-stealing-millions-crypto-wallet-scam-kit"},{"credibility":2,"name":"Inferno Drainer Malware Returns, Stealing $9M from Crypto Wallets in Six Months - Decrypt","type":"news_article","url":"https://decrypt.co/318561/inferno-drainer-malware-returns-stealing-9m-from-crypto-wallets-in-six-months"},{"credibility":2,"name":"Putting Inferno Drainer Group Out of Business - Blockaid Blog","type":"research","url":"https://www.blockaid.io/blog/putting-inferno-drainer-group-out-of-business"},{"credibility":1,"name":"Crypto drainers are retiring as investigators start to close in - Cointelegraph","type":"news_article","url":"https://cointelegraph.com/news/crypto-drainers-investigators-hacks-defi"},{"credibility":1,"name":"Cryptocurrency wallet drainers stole $494 million in 2024 - BleepingComputer","type":"news_article","url":"https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainers-stole-494-million-in-2024/"},{"credibility":2,"name":"Scam Sniffer 2023: Crypto Phishing Scams Drain $300 Million from 320,000 Users","type":"research","url":"https://drops.scamsniffer.io/scam-sniffer-2023-crypto-phishing-scams-drain-300-million-from-320000-users/"},{"credibility":1,"name":"Crypto phishing attacks drained nearly $300 million in 2023: Scam Sniffer - The Block","type":"news_article","url":"https://www.theblock.co/post/270105/crypto-phishing-attacks-2023"},{"credibility":1,"name":"How a 'crypto drainer' tricked people into handing over $80 million - The Record","type":"news_article","url":"https://therecord.media/inferno-drainer-cryptocurrency-scam-spoofing-blockchain-projects"},{"credibility":1,"name":"Inferno Drainer usage triples as crypto scams soar in 2024 - Cointelegraph","type":"news_article","url":"https://cointelegraph.com/news/inferno-drainer-dapp-surge-crypto-scam-trends"},{"credibility":2,"name":"The Demise Of Inferno Drainer: Accomplice In $70 Million Fraud Uncovered - CryptoRank","type":"on_chain","url":"https://cryptorank.io/news/feed/70639-inferno-drainer-accomplice-in-70m-fraud"}],"summary":"Inferno Drainer is a scam-as-a-service (drainer-as-a-service) platform that provided phishing infrastructure and malicious wallet-draining scripts to criminal affiliates in exchange for a percentage of stolen funds. Active from November 2022 through at least early 2025, it is attributed to stealing over $80 million from approximately 137,000 victims during its initial operational phase, with operators claiming a cumulative total exceeding $250 million across all periods including a covert post-shutdown phase. It operates by luring victims to phishing websites impersonating legitimate crypto brands, tricking users into signing malicious transactions that drain wallets across multiple EVM-compatible blockchains.","timeline":[{"date":"2022-11-05","event":"Inferno Drainer Telegram channel 'Inferno Multichain Drainer' created; earliest documented public presence of the operation.","source":"Group-IB Blog","source_url":"https://www.group-ib.com/blog/inferno-drainer/"},{"date":"2023-02-01","event":"Inferno Drainer begins active operations, per Scam Sniffer attribution. Activity remained low until mid-April 2023.","source":"BleepingComputer","source_url":"https://www.bleepingcomputer.com/news/security/crypto-phishing-service-inferno-drainer-defrauds-thousands-of-victims/"},{"date":"2023-03-27","event":"First tracked phishing websites deployed by Inferno Drainer affiliates, per Scam Sniffer forensics.","source":"BleepingComputer","source_url":"https://www.bleepingcomputer.com/news/security/crypto-phishing-service-inferno-drainer-defrauds-thousands-of-victims/"},{"date":"2023-05-01","event":"Scam Sniffer identifies Inferno Drainer after observing its promotion in a Telegram channel; at time of discovery the service had stolen approximately $5.9 million from 4,888 victims.","source":"Cointelegraph","source_url":"https://cointelegraph.com/news/inferno-drainer-scam-as-a-service-has-stolen-5-9m-since-march-report"},{"date":"2023-09-09","event":"Key Inferno Drainer smart contracts deployed on Ethereum; these contracts continued to be actively used long after the operator's November shutdown announcement.","source":"Check Point Research","source_url":"https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/"},{"date":"2023-11-01","event":"Operators announce shutdown of Inferno Drainer via Telegram, stating the service is closing permanently after stealing over $80 million. Files and infrastructure noted as remaining active.","source":"Cointelegraph","source_url":"https://cointelegraph.com/news/inferno-drainer-shut-down-after-stealing-millions-crypto-wallet-scam-kit"},{"date":"2023-11-10","event":"Inferno Drainer attributed to stealing approximately $80-88 million from an estimated 134,000-137,000 victims across its first operational phase, per Group-IB and Scam Sniffer analysis.","source":"The Hacker News","source_url":"https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html"},{"date":"2023-12-10","event":"Primary operator domain inferno-drainer[.]com expires. Operations migrate to dfgdfgqg[.]com.","source":"Group-IB Blog","source_url":"https://www.group-ib.com/blog/inferno-drainer/"},{"date":"2024-01-01","event":"Group-IB confirms Inferno Drainer's user panel remained operational as of January 2024, contradicting the November 2023 shutdown announcement.","source":"Group-IB Blog","source_url":"https://www.group-ib.com/blog/inferno-drainer/"},{"date":"2024-05-20","event":"Inferno Drainer publicly announces resumption of operations, citing Pink Drainer's exit and increased demand. Claims $125 million stolen in six months of private post-shutdown operations, bringing alleged total to over $250 million. Expands to 28 blockchain networks.","source":"CryptoSlate","source_url":"https://cryptoslate.com/inferno-drainer-resumes-operations-claims-250-million-stolen-from-crypto-users/"},{"date":"2024-10-01","event":"Inferno Drainer announces a second shutdown, claiming its codebase and operations are being transferred to existing threat actor Angel Drainer.","source":"Blockaid Blog","source_url":"https://www.blockaid.io/blog/putting-inferno-drainer-group-out-of-business"},{"date":"2025-01-01","event":"Check Point Research documents a sophisticated Discord-based phishing campaign using Inferno Drainer, exploiting a fake Collab.Land bot to redirect victims from legitimate Web3 project websites to phishing infrastructure.","source":"Check Point Research","source_url":"https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/"},{"date":"2025-03-01","event":"Check Point Research discovers new Inferno Drainer variants with proxy-based C&C communication, making infrastructure tracing nearly impossible. Over 30,000 new victims and at least $9 million in losses documented between September 2024 and March 2025.","source":"Check Point Research","source_url":"https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/"},{"date":"2025-05-07","event":"Check Point Research publishes full deep-dive analysis of Inferno Drainer's return, documenting advanced anti-detection techniques, on-chain encrypted configurations, and single-use smart contract deployment.","source":"Check Point Research","source_url":"https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/"}]},"v":1}