More than $80 million worth of digital assets from over 100 cryptocurrency brands were exfiltrated by the Inferno Drainer cryptocurrency scam last year, making it the most prolific cryptocurrency drainer last year despite ceasing operations in November, according to SiliconAngle.
Over 16,000 unique domains have been leveraged to facilitate the malicious activities of the operation, which only sought a 20% cut of the illicit proceeds obtained by its affiliates, a report from Group-IB showed. Aside from being spread via phishing pages advertised on Discord, X, and other social media sites, Inferno Drainer has also masqueraded as widely used Web3 protocols to lure potential victims, said researchers.
"Inferno Drainer may have ceased its activity, but its prominence throughout 2023 highlights the severe risks to cryptocurrency holders as drainers continue to develop further," said Group-IB High-Tech Crime Investigation Department Head Andrey Kolmakov, who urged increased vigilance among cryptocurrency holders amid the increasing sophistication of phishing attacks.
Thousands of organizations across the U.S. have been targeted by a new phishing campaign deploying the Bumblebee malware, which was last observed in the wild in September, according to BleepingComputer.