What are Crypto Drainers?

In January 2024, researchers uncovered Inferno Drainer, a sophisticated cryptocurrency scam campaign that caused significant damage to the crypto space over a year. This operation combined complex phishing techniques with specialized infrastructure designed to siphon cryptocurrency. It managed to impersonate over a hundred cryptocurrency brands and stole an astonishing $80 million in assets before its developers abruptly ceased operations in November 2023. 

Operating under a scam-as-a-service model, Inferno Drainer allowed cybercriminal affiliates to keep 80 percent of their ill-gotten proceeds while the organizers claimed the remaining 20 percent. 

The scam involved luring victims to phishing websites that mimicked legitimate crypto token projects. These fraudulent sites were heavily promoted on social media platforms like X (formerly Twitter) and Discord, enticing users with promises of free tokens or NFT minting rewards. Ultimately, scammers tricked them into connecting their cryptocurrency wallets to the attackers' infrastructure. 

Inferno Drainer's core operations were shut down, but the threat is far from over. Its success serves as a blueprint for a new wave of similar malware, potentially opening up a Pandora's box of crypto wallet-draining schemes that could plague the crypto industry for years to come.

In this blog article, we'll explore crypto drainers and share some valuable tips for protecting your assets.

What is a crypto drainer?

A crypto drainer, also known as a crypto wallet drainer, is malicious software that has been relentlessly targeting cryptocurrency owners for over a year. This insidious malware is designed to rapidly drain crypto wallets by automatically siphoning off their most valuable assets and funneling them into the wallets of the cybercriminals behind the operation.

Crypto drainer example

On December 17, 2022, 14 Bored Ape NFTs worth over $1 million were stolen. The scammers created a fake website for Forte Pictures, a Los Angeles-based movie studio, and posed as company representatives. They approached an NFT collector, claiming to be making a film about NFTs, and offered to license the IP rights to one of the collector's Bored Ape NFTs for use in the movie.

After falling for the scam, the victim signed a contract on "Unemployd", a purported blockchain platform for licensing NFT-related intellectual property. Once the transaction was approved, the victim's 14 Bored Ape NFTs were sent to the scammer for a meager 0.00000001 ETH (around US¢0.001 at the time).

The scammers used social engineering tactics to gain the victim's trust for a month. They employed emails, phone calls, and fake legal papers. The crucial part of their scheme was the transaction that transferred the victim's cryptocurrency to the scammers, which they timed carefully. Scammers count on this kind of transaction.

How crypto drainers work

Today's drainers automate the process of emptying victims' crypto wallets. They assess the value of the crypto assets in a wallet, identify the most valuable ones, create transactions and smart contracts to siphon off assets quickly and efficiently, and obfuscate the fraudulent transactions so that victims find them hard to understand.
 

Equipped with a drainer, scammers craft counterfeit web pages that mimic legitimate cryptocurrency project sites. They choose domain names that closely resemble the original, exploiting the crypto community's habit of using trendy, similar-looking domain extensions.
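
As a defensive illustration of the lookalike-domain tactic described above, the following check compares a hostname against a list of official project domains and flags extension swaps, embedded brand names and near-miss spellings. It is an added example, not code from the original article; the domains in `OFFICIAL` and the sample hostnames are constructed, and the edit-distance threshold of 2 is an assumption.

```javascript
// Added example: flag hostnames that imitate an official project domain.
// OFFICIAL is a constructed allowlist; build a real one from the project's own channels.
const OFFICIAL = ["example-swap.io", "examplenft.com"];

// Levenshtein edit distance, computed with a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // D[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j]; // D[i-1][j]
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// Split at the last dot; multi-label suffixes such as "co.uk" are out of scope here.
function splitDomain(host) {
  const i = host.lastIndexOf(".");
  return { name: host.slice(0, i), tld: host.slice(i + 1) };
}

// Returns { verdict, reason?, imitates? } for one hostname.
function classifyDomain(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  if (OFFICIAL.some((o) => h === o || h.endsWith("." + o))) return { verdict: "official" };
  const c = splitDomain(h);
  for (const good of OFFICIAL) {
    const g = splitDomain(good);
    if (c.name === g.name) return { verdict: "lookalike", reason: "tld-swap", imitates: good };
    if (c.name.includes(g.name)) return { verdict: "lookalike", reason: "brand-in-name", imitates: good };
    // Ignore hyphens so "exampleswap" and "example-swap" compare as equal.
    const d = editDistance(c.name.replace(/-/g, ""), g.name.replace(/-/g, ""));
    if (d <= 2) return { verdict: "lookalike", reason: "near-match", imitates: good };
  }
  return { verdict: "unknown" };
}

// Constructed sample hostnames.
for (const d of ["example-swap.io", "example-swap.xyz", "examp1e-swap.io", "examplenft-airdrop.com"]) {
  console.log(d, classifyDomain(d));
}
```

An "unknown" verdict only means the name does not resemble anything on the allowlist; it says nothing about whether the site is safe.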
 

[Figure: What are crypto drainers. Source: Chainalysis]

Next, these fraudsters employ various tactics to draw potential victims to their deceptive sites. Typical lures include promises of airdrops or opportunities for NFT minting—enticements well-recognized and coveted within the crypto space, making them perfect bait for the scammers' traps.

 

Scammers increasingly use social media and search engine adverts to draw victims into counterfeit websites. This tactic is particularly devious as it captures individuals looking for legitimate crypto projects. Unsuspecting users who are not paying enough attention might click on these "sponsored" scam links—prominently positioned above the regular search outcomes—only to find themselves on a fake site.

 

Then, crypto owners unaware of the scam end up signing a transaction created by the crypto drainer. This action could lead directly to their funds being sent to the scammers' wallets. Alternatively, it might involve something more complex, like the rights to control the assets in the victim's wallet being transferred to a smart contract. Either way, as soon as the harmful transaction is approved, all the valuable assets are quickly drained into the scammers' wallets.

 

How risky are crypto drainers?

Crypto wallet drainer scams are rising and becoming a big problem for many people. A recent study has shown that in 2023, over 320,000 users were hit by these scams, with the total damage reaching just shy of $300 million. The study also pointed out that there were about a dozen transactions where the scammers stole more than a million dollars each, and the biggest haul from a single transaction was slightly more than $24 million.
 

Both beginners and seasoned crypto enthusiasts can fall prey to these scams. For example, the individual who launched the company behind Nest Wallet was defrauded, losing $125,000 in stETH to scammers who operated a fake website offering a counterfeit airdrop.

How crypto drainers impact the crypto ecosystem

Crypto drainers have emerged as a significant threat in the digital asset landscape. While precise figures are difficult to ascertain due to underreporting, available data indicates that the value stolen by drainers is growing at a rate that outpaces even ransomware, another rapidly expanding form of cybercrime. After successfully stealing digital assets, criminals typically employ various crypto services to launder funds or convert them to cash. Since 2021, there has been a notable shift in tactics, with an increase in funds sent to mixing services and a decrease in those sent to centralized exchanges. Some drainers have also begun using gambling services, albeit on a smaller scale.

Crypto drainers in Bitcoin vs Ethereum Networks

Although crypto drainers predominantly operate within the Ethereum ecosystem, a unique drainer exploiting the Bitcoin blockchain exists. This particular scam created a fraudulent web page mimicking Magic Eden, the primary NFT platform for Bitcoin Ordinals. As of April 2024, this drainer has allegedly stolen approximately $500,000 through over 1,000 malicious transactions. Despite Bitcoin's relatively limited use in web3 services compared to other assets, several other Bitcoin drainers have already targeted the Ordinals trading community, signaling a potential expansion of these threats across different blockchain ecosystems.

How to prevent crypto drainer attacks

As crypto drainer operators become increasingly sophisticated, Web3 projects and users must implement robust security measures. You can mitigate your exposure by storing valuable or large volumes of assets in offline wallets like Tangem, only transferring funds to exchanges when necessary. Be cautious when clicking on links shared in chat rooms or on social media, especially if they are not from the official project account. 

How else can you defend yourself against crypto drainers?

  • Do not keep all your resources pooled together. Your cryptocurrency holdings should be safely managed and kept in several cold wallets.
  • Always make it a habit to scrutinize the websites you frequently visit. If you spot anything that seems off, don't hesitate to pause and review everything thoroughly once more.
  • Avoid clicking on sponsored links in search results. Instead, use links from organic search results, meaning those not labeled as "sponsored."
  • Review every transaction detail carefully.
  • Leverage browser add-ons designed to confirm transactions. They play a crucial role in spotting fake transactions and clearly show the consequences that follow each transaction.
  • Make it a priority to have dependable security measures on every device handling your cryptocurrency assets.
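
To make "review every transaction detail" concrete, the sketch below decodes the call data of a pending Ethereum token transaction and states in plain language what signing it would authorize, which is the kind of consequence a transaction-checking add-on surfaces. It is an added example, not code from the original article or from any wallet product; it covers only the standard ERC-20/ERC-721 transfer and approval functions, the `trusted` allowlist is hypothetical, and the sample address and call data are constructed.

```javascript
// Added example: summarize what signing an EVM token call would authorize.
// Selectors are the standard ERC-20 / ERC-721 ones; `trusted` is a hypothetical user allowlist.
const MAX_UINT256 = (1n << 256n) - 1n;
const KNOWN = {
  "a9059cbb": ["transfer", "address", "uint256"],
  "23b872dd": ["transferFrom", "address", "address", "uint256"],
  "095ea7b3": ["approve", "address", "uint256"],
  "39509351": ["increaseAllowance", "address", "uint256"],
  "a22cb465": ["setApprovalForAll", "address", "bool"],
};

// Decode one 32-byte ABI word (64 hex chars) according to its static type.
function decodeWord(word, type) {
  if (type === "address") return "0x" + word.slice(24);
  if (type === "bool") return BigInt("0x" + word) !== 0n;
  return BigInt("0x" + word);
}

// Returns the decoded call plus plain-language warnings for the signer.
function reviewCalldata(data, trusted = []) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (!hex) return { fn: null, args: [], warnings: [] }; // plain value transfer, no contract call
  const entry = KNOWN[hex.slice(0, 8)];
  if (!entry) return { fn: null, args: [], warnings: ["unrecognized call: consequences cannot be shown"] };
  const [fn, ...types] = entry;
  if (hex.length < 8 + 64 * types.length) return { fn, args: [], warnings: ["truncated calldata"] };
  const args = types.map((t, i) => decodeWord(hex.slice(8 + 64 * i, 72 + 64 * i), t));
  const warnings = [];
  const counterparty = fn === "transferFrom" ? args[1] : args[0];
  if (fn === "approve" || fn === "increaseAllowance") {
    // An amount of 0 revokes; anything in the top half of the range is treated as unlimited.
    if (args[1] > 0n) warnings.push(args[1] >= MAX_UINT256 / 2n ? "grants UNLIMITED token allowance" : "grants token allowance");
  } else if (fn === "setApprovalForAll") {
    if (args[1]) warnings.push("gives an operator control of EVERY NFT in this collection");
  } else {
    warnings.push("moves tokens to the counterparty");
  }
  if (warnings.length && !trusted.map((a) => a.toLowerCase()).includes(counterparty)) {
    warnings.push("counterparty " + counterparty + " is not on your trusted list");
  }
  return { fn, args, warnings };
}

// Constructed sample: approve(<sample spender>, 2^256 - 1).
const SAMPLE_SPENDER = "0x" + "11".repeat(20);
const SAMPLE_APPROVE = "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);
console.log(reviewCalldata(SAMPLE_APPROVE));
```

A call that is not recognized is reported as such rather than treated as harmless, since obfuscated transactions are exactly the ones whose consequences cannot be shown.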

Final thoughts

The cryptocurrency ecosystem faces a major threat from crypto wallet drainers, which creates challenges for individual investors and the industry as a whole. It is crucial to provide better education to users. While the community and security researchers are working on identifying and fighting these threats, users must also take responsibility for protecting themselves. Being well-informed, following best practices for securing wallets, and cautiously approaching unfamiliar offers can help reduce the risk of falling for scams. 

Everyone involved in the crypto space needs to stay alert and take proactive measures to ensure security and stay ahead of potential threats in order to maintain the integrity of decentralized technologies.