The year 2023 saw one of the most prolific crypto-draining scams, orchestrated by a group that impersonated over 100 cryptocurrency brands through a network of 16,000 phishing domains. Group-IB, a threat intelligence vendor, recently disclosed the details of this operation in a blog post.
According to Scam Sniffer, the group known as Inferno Drainer managed to siphon off nearly $88 million from more than 137,000 victims between November 2022 and November 2023. The modus operandi of this scam-as-a-service operation involved enticing victims to phishing websites that mimicked popular Web3 protocols such as Seaport, WalletConnect, and Coinbase.
Seaport, a Web3 marketplace for NFT trading, along with WalletConnect and Coinbase, which facilitate connections between crypto wallets and decentralized applications in Web3, were spoofed by the fraudsters to initiate fraudulent transactions. By employing classic social engineering tactics, the scammers managed to convince unsuspecting victims to authorize these transactions under the guise of claiming prizes or rewards.
Viacheslav Shevchenko, an analyst at Group-IB, explained, “The allure of potential riches, which forms a key part of the content presented to victims on phishing websites, makes users connect their wallets to the attacker’s infrastructure.” The phishing sites, disguised as official crypto token projects, were disseminated on social media platforms like X (formerly Twitter) and Discord.
The scammers employed various lures to attract victims, including promises of free tokens (airdrops), rewards for minting new NFTs, and bogus compensation for disruptions that the impersonated companies had supposedly suffered. Inferno Drainer primarily operated as a service for cybercriminals who directed victims to the phishing sites, with developers receiving 20% of the proceeds and affiliates taking home the remaining 80%.
Affiliates were provided with a user panel, Telegram channel, and phishing websites/software to manage their campaigns. Once connected to a victim’s crypto wallet, the drainer malware selectively targeted the most valuable assets for transfer, disregarding amounts below $100.
Group-IB emphasized the importance of vigilance and urged users to report such attacks to relevant law enforcement agencies. Shevchenko stressed the need for comprehensive investigations and holding criminals accountable to prevent future attacks. As the threat landscape evolves, staying informed and taking proactive measures is essential to safeguard against crypto draining scams.