
A new report by Check Point Research reveals the resurgence and evolution of Inferno Drainer, a player in the “Drainer-as-a-Service” cybercrime model. This report exposes how Inferno Drainer, despite a supposed shutdown, has not only remained operational but has also significantly upgraded its tactics, posing an even greater threat to crypto users.
The campaign begins with an invitation link on a legitimate Web3 project website redirecting users to a Discord server. There, a fake Collab.Land bot urges users to “verify” their wallets. Instead of connecting through the legitimate connect.collab.land, victims are funneled through a series of malicious redirects leading to a phishing site that mirrors Collab.Land’s interface—only this time, the end result is a signed transaction that grants attackers full access to the wallet.

“Even experienced cryptocurrency users may lower their guard,” warns Check Point, “as they expect the service to request a wallet signature… they may instinctively click ‘Approve’ without careful inspection.”
Inferno Drainer is technically sophisticated. Its phishing infrastructure employs:
- Short-lived OAuth2 tokens to thwart URL-based detection
- Base64 and ROT13-encoded smart contract values on the Binance Smart Chain
- Four-layer AES encryption on JSON payloads
- Command & Control addresses hidden in blockchain contracts
These tactics not only obfuscate the malicious code but also ensure that phishing blacklists and wallet warnings remain ineffective.
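Because blacklists lag behind short-lived URLs, a community can take the opposite approach and allowlist the one verification host the article names as legitimate, connect.collab.land. The Python below is an added example, not code from Check Point's report; the function names, reason strings and sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: only the host the article names as legitimate is accepted.
ALLOWED_HOSTS = {"connect.collab.land"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def check_verify_link(url):
    """Return (allowed, reason) for a wallet-verification link."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before '@' hides the real host"
    host = parts.hostname or ""
    if not host.isascii():
        return False, "non-ASCII host (possible homoglyph)"
    if port not in (None, 443):
        return False, "non-standard port"
    if host not in ALLOWED_HOSTS:  # exact match, never suffix or substring
        return False, "host %r is not on the allowlist" % host
    return True, "host matches allowlist exactly"

def flag_links(message):
    """Return [(url, reason)] for each link in a chat message that fails."""
    results = ((u, check_verify_link(u)) for u in URL_RE.findall(message))
    return [(u, reason) for u, (ok, reason) in results if not ok]

# Constructed sample messages; .example hosts are placeholders, not indicators.
SAMPLES = [
    "Verify here: https://connect.collab.land/",
    "Verify here: https://connect.collab.land.verify.example/",
    "Verify here: https://connect.collab.land@verify.example/",
    "Verify here: https://connect.c\u043ellab.land/",  # Cyrillic 'o'
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg, "->", flag_links(msg) or "ok")
```

A link that passes only points at the named host; the signature request it leads to still needs to be read before approval.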
Inferno Drainer’s backend lives behind Cloudflare Workers and customer-deployed proxies, shielding its core infrastructure from takedowns. Funds are routed through fake ERC-20 token contracts, Receiver contracts, and one-time-use contracts deployed after the victim’s transfer—making blacklisting nearly impossible.
“This strategy is deliberately employed to bypass anti-phishing measures… By frequently deploying new contracts, attackers evade these warnings,” the report explains.
Between September 2024 and March 2025:
- 30,000+ wallets were drained
- $9+ million in losses recorded
- Some individual victims lost up to $761,000 in a single transaction
The developers keep 15–20% as commission, while the remainder goes to their criminal affiliates. Inferno Drainer has now become a full-fledged underground SaaS model.
As phishing kits become harder to distinguish from legitimate services and wallet defenses struggle to keep up, the responsibility for security increasingly rests on user vigilance and education.