This devious malware pretends to be Coinbase - but really it’s just draining all your accounts

Inferno Drainer was one of the most prominent drainers of last year

Hackers were pretending to be Coinbase and used well-crafted phishing pages to steal people’s cryptocurrency hauls, according to a report from cybersecurity researchers Group-IB.

As per the report, between November 2022 and 2023, an unnamed group of hackers operated a malware-as-a-service, called Inferno Drainer.

As the name suggests, this type of malware is capable of draining all of the funds found in people’s cryptocurrency wallets, including both fungible and non-fungible tokens (NFT). Other threat actors would use the drainer, and give 20% of all the profits to the operators.

Fake airdrops

For the drainer to work, a victim must connect their wallet with the attackers’ infrastructure. That was achieved via convincing landing pages. Group-IB said it found more than 16,000 unique domains linked to the Inferno Drainer’s phishing operation. At least 100 different crypto brands were impersonated during that time. It is unknown how many different groups participated in the campaign. What we do know is that most victims who ended up on the landing pages were connecting their wallets thinking they would receive an airdrop.

An airdrop, in the cryptocurrency world, happens when a new project starts, and the developers look to add tokens into circulation. Usually, they would use the promise of an airdrop to create a community and generate buzz around the project, as people interested in receiving the airdrop would be tasked with certain things (for example, sharing Twitter posts, engaging in Discord communications, writing blogs, etc.).

However, instead of receiving the airdrop, once the victims connect their wallets and approve the transactions, the drainer would simply pull all of the funds from the accounts, and given blockchain’s nature, the funds would be lost for good. Group-IB believes that more than 130,000 people fell victim to the campaign, which netted its operators more than $80 million.

Inferno Drainer was allegedly shut down in November 2023, but the user panel was still active as of mid-January this year.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.