Check Point Reports Resurgence of Inferno Drainer Scam

SMEStreet Edit Desk

In the ever-evolving world of cybercrime, few threats are as persistent—or as profitable—as Inferno Drainer. Although Inferno Drainer claimed to shut down in 2023, Check Point Research has confirmed its quiet but powerful resurgence, now with technical upgrades that have enabled it to steal over $9 million from 30,000+ wallets in just the past six months.

A New Era of Crypto Theft

Inferno Drainer is no ordinary malware. It's a “Drainer-as-a-Service” (DaaS) operation: a malicious business model where operators lease out attack kits to affiliates, complete with phishing infrastructure, custom scripts, and real-time support. The latest version shows a level of technical sophistication rarely seen in crypto fraud.

What’s New in 2025

  • On-chain encrypted command-and-control (C&C) configuration stored on Binance Smart Chain.
  • Single-use smart contracts that self-destruct after a single transaction, bypassing detection and blacklisting.
  • Secure proxies and OAuth2 tricks to evade browser, wallet, and phishing detectors.
  • Multi-layer AES encryption and heavy obfuscation to hide malicious logic from researchers.

How the Attack Works

Attackers hijack Discord invite links or impersonate popular bots like Collab.Land, luring users to connect their crypto wallets under false pretenses. The fake interface mimics real verification flows—but once a user signs a transaction, their assets are gone.

  • Most victims are tricked into approving malicious smart contracts.
  • Some are hit via “Permit2” exploits, granting token access without needing a separate approval transaction.
  • Others unknowingly send tokens to pre-deployed smart contract addresses, leaving no time for wallets to flag them.

"This campaign shows just how far cybercrime has industrialized," said Eli Smadja, Group Manager at Check Point Software Technologies. "Inferno Drainer isn’t just stealing crypto—it’s scaling fraud like a startup, with affiliates, infrastructure, and constant upgrades. The crypto ecosystem must wake up to how advanced and persistent these threats have become."

The Damage

  • Over 30,000 wallets drained across 30+ blockchains.
  • Individual victims have lost up to $761,000 in a single transaction.
  • Inferno Drainer’s total historic thefts may exceed $250 million.

How to Stay Safe

  • Always verify URLs—bookmark official project sites and avoid clicking links from Discord or social media.
  • Use burner wallets when exploring new projects or airdrops.
  • Check for the “Verified App” badge when using Discord bots.
  • Inspect every wallet signature request carefully—never approve something you don’t fully understand.
  • Employ browser security tools like Harmony Browse and endpoint protection with real-time threat intelligence.
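
The advice to inspect every signature request, applied to the approval and Permit2 cases listed under "How the Attack Works", as an added example that is not from Check Point's research or the original article. It classifies a wallet JSON-RPC request as an on-chain approval or an off-chain permit signature and flags unlimited amounts and unknown spenders; the function name `assessRequest`, the allowlist parameter and every address are assumptions constructed for illustration.

```javascript
// Added example (not Check Point's code): triage a wallet JSON-RPC request before signing.
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",        // ERC-20 allowance
  "0xa22cb465": "setApprovalForAll(address,bool)", // ERC-721/1155 operator
};
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch",
  "PermitTransferFrom", "PermitBatchTransferFrom"]); // EIP-2612 and Permit2 structs
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2's largest amount; anything >= is treated as unlimited

function assessRequest(req, trustedSpenders = new Set()) {
  const findings = [];
  let spender = null;
  if (req.method === "eth_sendTransaction") {
    const data = String(req.params[0].data || "0x").toLowerCase();
    const sig = SELECTORS[data.slice(0, 10)];
    if (!sig || data.length < 138) return findings;  // not an approval call
    spender = "0x" + data.slice(34, 74);             // low 20 bytes of argument 1
    const arg2 = BigInt("0x" + data.slice(74, 138)); // amount, or bool for setApprovalForAll
    findings.push(`on-chain ${sig}`);
    if (sig.startsWith("approve") && arg2 >= MAX_UINT160) findings.push("unlimited allowance");
    if (sig.startsWith("setApprovalForAll") && arg2 === 1n) findings.push("operator over entire collection");
  } else if (req.method === "eth_signTypedData_v4") {
    const typed = typeof req.params[1] === "string" ? JSON.parse(req.params[1]) : req.params[1];
    if (!PERMIT_TYPES.has(typed.primaryType)) return findings;
    const msg = typed.message;
    spender = String(msg.spender || "").toLowerCase();
    findings.push(`off-chain ${typed.primaryType}: token access without an approval transaction`);
    const grants = [msg.details, msg.permitted].flat().filter(Boolean); // single or batch form
    const amounts = [msg.value, ...grants.map((g) => g.amount)].filter((v) => v !== undefined);
    if (amounts.some((v) => BigInt(v) >= MAX_UINT160)) findings.push("unlimited allowance");
  } else {
    return findings; // other methods are out of scope for this check
  }
  if (!trustedSpenders.has(spender)) findings.push(`spender ${spender} not in allowlist`);
  return findings;
}

// Constructed sample requests (placeholder addresses, not real indicators).
const SPENDER = "0x" + "ab".repeat(20);
const approveTx = { method: "eth_sendTransaction", params: [{
  to: "0x" + "11".repeat(20),
  data: "0x095ea7b3" + "0".repeat(24) + "ab".repeat(20) + "f".repeat(64) }] };
const permit2Sig = { method: "eth_signTypedData_v4", params: ["0x" + "22".repeat(20), JSON.stringify({
  primaryType: "PermitSingle", domain: { name: "Permit2" },
  message: { details: { token: "0x" + "11".repeat(20), amount: MAX_UINT160.toString(),
    expiration: "281474976710655", nonce: "0" }, spender: SPENDER, sigDeadline: "281474976710655" } })] };
const plainTransfer = { method: "eth_sendTransaction", params: [{ to: SPENDER, data: "0x", value: "0x1" }] };

console.log(assessRequest(approveTx), assessRequest(permit2Sig), assessRequest(plainTransfer));
```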