With the rise in popularity of cryptocurrencies and non-fungible tokens (NFTs), cybercriminals have continuously found ways to trick people into giving up access to their digital assets. One such means is through phishing scams – a tactic often used to steal login credentials and personal information.
A new phishing scam in the digital currency landscape is the Inferno Drainer, which has reportedly been pilfering cryptocurrencies and NFTs. This article will provide an in-depth dive into what the Inferno Drainer phishing scam is and how it operates.
What is Inferno Drainer?
Inferno Drainer is a phishing scam that targets users of cryptocurrency wallets and marketplaces, as well as NFT owners. Its modus operandi involves sending out phishing emails that contain malicious links or attachments. Once an unsuspecting user clicks on the link or opens the attachment, they are directed to a fraudulent website that looks like the official website of the targeted platform.
The user is then asked to enter their login credentials (username and password) or their wallet’s private key. The phishing site captures this information, which the attackers can use to access the user’s digital assets.
According to reports, the Inferno Drainer phishing scam has been active since at least March 2021 and has so far targeted several popular cryptocurrency wallets and marketplaces, including Ledger, Trezor, and Binance. The attackers have also targeted popular NFT marketplaces like OpenSea and Rarible.
How Does Inferno Drainer Operate?
The attackers behind the Inferno Drainer phishing scam use various tactics to make their fraudulent websites look authentic. They may use website cloning – a technique whereby they create a fake version of the targeted platform’s website – to trick users into entering their login credentials or wallet private keys.
In other cases, the phishing emails may contain malicious attachments that, when opened, install malware on the user’s device. The malware then hijacks the user’s browser and redirects them to the fraudulent website whenever they try to access the legitimate website of the targeted platform.
It’s worth noting that the Inferno Drainer phishing scam isn’t limited to email phishing alone. The attackers may also use social engineering tactics to trick users into giving up their login credentials or private keys. For instance, they may pose as customer support representatives or send unsolicited messages on social media platforms like Twitter and Telegram.
Once the attackers have obtained the user’s login credentials or private keys, they can access their digital assets and transfer them to their own wallets. They may also sell the stolen assets on the dark web or other platforms where they can be traded anonymously.
How to Protect Yourself from Inferno Drainer
The best way to protect yourself from the Inferno Drainer phishing scam is to stay vigilant and follow best practices for online security. Here are some tips that can help:
1. Be cautious of unsolicited emails and messages – If you receive an email or message from someone you don’t know, don’t click on any links or open any attachments. Delete the message or mark it as spam.
2. Verify the website’s URL – Before entering your login credentials or private key on a website, make sure it’s the official website of the targeted platform. Check the website’s URL carefully to ensure it’s spelled correctly, and look for the padlock icon next to the URL to ensure that it’s SSL-encrypted.
3. Use two-factor authentication – Two-factor authentication (2FA) adds an extra layer of security to your accounts by requiring you to enter a code sent to your phone in addition to your login credentials. This can help prevent attackers from accessing your accounts even if they have your login credentials.
4. Keep your software up-to-date – Make sure you keep your operating system, browser, and other software up-to-date with the latest security patches. This can help prevent attackers from exploiting known vulnerabilities to gain access to your device.
In conclusion, the Inferno Drainer phishing scam is another example of the risks associated with digital currencies and non-fungible tokens. As more people embrace these new forms of digital assets, the need for heightened vigilance and security awareness cannot be overstated. By following the tips outlined above, you can better protect yourself from this and other types of phishing scams.
Inferno Drainer is a malicious software provider that has allegedly targeted thousands of scams resulting in the theft of several million dollars from crypto projects on the largest blockchains. Scam Sniffer, a platform specializing in the identification of scams, reported that the security firm identified 4,888 victims who collectively lost over $5.9 million in cryptocurrencies and NFTs. The victims targeted include some of the most well-known brands in the crypto ecosystem, such as Pepe, Collab.Land, zkSync, MetaMask, and Nakamigos, among others.
According to the report, Inferno Drainer charges 20% to 30% of the stolen assets in exchange for their malicious software, which is used to create fraudulent websites. In total, the firm is reported to have created nearly 689 phishing websites since March 27. “This is the data we have based on on-chain activity, but it could have started earlier,” Scam Sniffer told Decrypt.
The victim who suffered the greatest losses lost nearly $400,000 worth of assets, according to Scam Sniffer. The victim attempted to negotiate with the scammer, offering to let them retain 50% of the stolen goods.
Last month, Scam Sniffer identified a similar type of “Scam as a Service” called Venom Drainer. It drained $27 million from 15,000 victims, with the top five victims losing $14 million in total, targeting around 170 brands.
Despite the bear market, crypto scams are still frequent. A recent study by Crystal Blockchain revealed that 2022 emerged as the worst year on record for crypto fraud, with 120 separate incidents reported. This number represents a 28% increase compared to 2021. However, the total value lost across all incidents in 2022 was less than half of that in 2021 when the total funds lost in crypto scams reached $4.6 billion.
Decentralized finance (DeFi) breaches are now the most common type of crypto attack, according to the same study. Investors are urged to exercise caution when investing in cryptocurrencies and to do their due diligence.
