Between November 2022 and November 2023, the notorious Inferno Drainer ran a meticulously planned theft operation under the guise of cryptocurrency giant Coinbase. Singapore-based cybersecurity firm Group-IB uncovered the scheme and found that the malicious actors had created over 16,000 unique domains within a year. The operation relied on high-quality phishing pages that lured over 137,000 victims into connecting their cryptocurrency wallets to the attackers’ infrastructure, which mimicked Web3 protocols to trick them into authorizing transactions.
Inferno Drainer operated on a scam-as-a-service model: affiliates could upload the malware to their own phishing sites or use the developer’s services for crafting and hosting phishing websites. Group-IB’s analysis showed that the attackers mimicked over 100 cryptocurrency brands through meticulously designed pages spread across thousands of unique domains. The perpetrators also camouflaged their JavaScript-based drainer within GitHub repositories, which made detection harder.
A deeper dive into 500 domains revealed that the drainer was initially hosted in a GitHub repository attributed to a non-existent user named “kuzdaz.” The deception extended to platforms like Discord and X, where victims were enticed with promises of free tokens through airdrops. Under names like seaport.js and coinbase-wallet-sdk.js, the Inferno Drainer masqueraded as popular Web3 protocols, including Seaport, WalletConnect, and Coinbase. While the activity may have temporarily subsided, the lingering presence of the Inferno Drainer throughout 2023 underscores the persistent threats facing cryptocurrency holders and the need for sustained vigilance.
As the cryptocurrency community navigates the aftermath of this brazen attack, the lessons learned serve as a poignant reminder of the constant need for robust cybersecurity measures in an ecosystem where threats evolve at an alarming pace.