Inferno Drainer Resurrects, Compromises 30,000 Wallets

  • The Inferno Drainer malware has resurrected and compromised over 30,000 wallets
  • The malware has siphoned more than $9 million from victims in the last six months
  • Inferno Drainer had announced its shutdown in 2023

Less than two years after crypto wallet draining kit Inferno Drainer reportedly shut down, it has resurrected and compromised more than 30,000 wallets. The crypto malware has stolen over $9 million in the last six months through multiple tactics. The resurfaced wallet drainer was discovered by researchers who reverse-engineered its code and investigated its activities on the blockchain. Their findings suggest that its presumed shutdown was a way to camouflage itself and reduce scrutiny from investigators.

Discord Crypto Users Targeted

A report by cybersecurity firm Check Point Research indicated that Inferno Drainer is actively running “a sophisticated campaign that abuses Discord and targets crypto users.” It added that the malicious actors redirect web3 users from genuine websites to phishing sites and “trick them into signing malicious transactions.”

The researchers disclosed that Inferno Drainer “remained fully operational” despite announcing it was shutting down in late 2023. According to the report, the wallet drainer has upgraded its anti-detection tactics, allowing it to bypass anti-phishing blacklists and wallet security systems.

Check Point Research noted that the wallet drainer uses technical tactics and social engineering schemes to lure victims. 

Imitating a Genuine Discord Bot

The cybersecurity firm discovered that the malware is misusing the Collab.Land bot to mislead crypto users on Discord. Discord uses the bot to limit access to channels by verifying a user’s NFT and crypto holdings. 

Inferno Drainer introduced a fake version of the bot that closely resembles the original, making it hard for victims to spot the difference. On the technical side, the wallet drainer is using arithmetic obfuscation, anti-debugging techniques, multi-layered obfuscation, and multiple smart contracts to confuse investigators.

Other wallet drainers that have announced leaving the space include Pink Drainer, while others have openly migrated from one network to another due to a lack of wealthy victims.

Because other wallet drainers such as Pink Drainer shut down around the same time as Inferno Drainer, they are likely still in operation as well.
