Inferno Drainer
A 'drainer-as-a-service' operation that rented phishing/wallet-draining software to affiliates for a ~20% cut. Group-IB and Scam Sniffer say it stole roughly $80M+ from ~137,000 victims (Nov 2022–Nov 2023) by spoofing 100+ Web3 brands; it later resumed activity.
Also known as: Inferno Drainer
Overview
Inferno Drainer was one of the most prolific "drainer-as-a-service" (DaaS) operations. Its developers provided phishing kits, malicious scripts, and smart contracts to affiliates ("customers"), who set up fake Web3 sites — airdrops, mints, token claims, "wallet verifications" — to trick users into signing transactions or unlimited token approvals that drained their wallets. The developers took roughly 20% of stolen funds; affiliates kept ~80%, managing campaigns via a Telegram bot and web panel. [1][2]
How it works
Affiliates lured victims (often via hijacked or impersonated X/Discord accounts and ads) to phishing pages that spoofed real protocols such as Seaport, WalletConnect, and Coinbase. Once a wallet connected, the drainer identified the most valuable, easily transferable assets and crafted the malicious approval/transfer; assets under ~$100 were typically ignored. [1]
Scale and resurgence
Group-IB linked Inferno to 16,000+ phishing domains impersonating 100+ crypto brands; per Scam Sniffer figures it stole on the order of $80 million from about 137,000 victims between November 2022 and November 2023. The operators announced a shutdown in late 2023, but Check Point later reported Inferno had resumed, draining further millions using harder-to-detect single-use contracts and on-chain encrypted configs. It is frequently cited as the single largest contributor to drainer losses. [1][2]
Bracketed numbers refer to the numbered sources listed below.
People & entities involved
Sources (2)
- Burnout: Inferno Drainer's multimillion-dollar scam scheme detailed — Group-IB
- Return of the Crypto Inferno Drainer — Check Point Research
See also
- Angel DrainerOrganizations & groupsA wallet-drainer-as-a-service operation (≈85/15 affiliate/developer split) specialized in EVM chains. Most notably, Angel Drainer malware was used in the December 2023 Ledger Connect Kit supply-chain attack, which drained roughly $500K–$600K from DeFi users in a few hours.
- Monkey DrainerOrganizations & groupsAn early, prolific wallet-drainer-as-a-service crew (active into early 2023) that focused on high-value NFTs and is estimated to have facilitated roughly $13–16.5M in theft before announcing it was 'shutting down' and pointing affiliates to rival drainers.
- Ledger Connect Kit hackProjects
This page was last updated on Jun 8, 2026. View revision history.