Inferno Drainer Malware Returns, Stealing $9M from Crypto Wallets in Six Months

One of the most sophisticated crypto drainers has resurfaced in a malware campaign targeting Discord users.

May 9, 2025

3 min read

Malware. Image: Shutterstock

Crypto-stealing malware Inferno Drainer remains in operation despite publicly shutting down—and has has been used to snatch over $9 million from crypto wallets over the past six months.

According to cybersecurity firm Check Point Research, over 30,000 crypto wallets have been drained by the resurgent malware campaign, whose developers claimed to have ceased operations in November 2023.

Deep Dive into Inferno Drainer Reloaded: tracing malicious smart contracts, decrypting drainer configs, and fully uncovering the Discord phishing attack via a fake CollabLand bot. Over 30K new victims in just six months.https://t.co/xgcg9AaMRu

— Check Point Research (@_CPResearch_) May 7, 2025

A spokesperson for CPR told Decrypt that the figure was based on "data obtained from reverse-engineering the drainer's JavaScript code, decrypting its configuration received from the C&C server, and analyzing its on-chain activity." The majority of observed was on Ethereum and Binance Chain, they added.

CPR analysts reported that Inferno Drainer smart contracts deployed in 2023 are still active to this day, while the current version of the malware appears to have been improved upon over the previous iteration.

The malware is reportedly now able to use single-use smart contracts and on-chain encrypted configurations, making it far harder to detect and prevent attacks. In addition, command-and-control server communication has been obfuscated via proxy-based systems, meaning tracking has become even more difficult.

Inferno Drainer's resurgence comes alongside a phishing campaign targeting Discord users. According to CPR analysts, the campaign leveraged social engineering techniques to redirect users from a legitimate Web3 project’s website to a counterfeit site mimicking the verification UX for popular Discord bot Collab.Land. The fake Collab.Land site hosted a cryptocurrency drainer, which tricked victims into signing malicious transactions—enabling attackers to gain access to their funds.

By combining “targeted deception and effective social engineering tactics,” the malware campaign has generated a “stable financial flow identified through blockchain transaction analysis,” CPR analysts said.

ETH

-4.65%$2,484.31

24H7D1M1YMAX

Price data by

ETH price

Crypto users are advised to exercise extra caution whenever they are interacting with unfamiliar platforms. The fake Collab.Land bot identified by CPR contained only “subtle visual differences” to the legitimate bot, and the cybercriminals behind the deception are likely to “continue refining their imitation,” the researchers said.

Because the legitimate Collab.Land service requires users to verify their wallet by signing, they noted, “even experienced cryptocurrency users may lower their guard” when presented with the fake bot—making it even more important to verify authenticity before connecting wallets to any service.

The revival of Inferno Drainer is just one of a number of malware campaigns to surface in recent months. Hackers are adopting increasingly sophisticated techniques to deliver crypto-stealing malware, targeting hacked mailing lists, open-source Python libraries and even preloading trojans on counterfeit Android phones.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

Recommended News

Bitcoin Blasts to New All-Time High Price Above $109,000
Bitcoin soared to a new record price above $109,000 on Wednesday morning, pushed by tailwinds that have sent cryptocurrencies and other risk-on assets higher over the past two months. The largest crypto by market capitalization was recently trading at $109,378 at crypto exchange Coinbase, up 4.5% over the past 24 hours. According to Coinbase, BTC topped out at $109,500 before cooling. Bitcoin is now up nearly 25% over the last month. "Bitcoin is pushing toward new highs with strong tailwinds beh...
NewsCoins
3 min read
James RubinMay 21, 2025
Create an account to save your articles.
Crypto Billionaire Justin Sun Says He's Headed to Trump Dinner as Top Meme Coin Holder
A list of 220 of the top holders of President Donald Trump’s official Solana-based meme coin (TRUMP) was headed by Tron founder Justin Sun, the crypto billionaire confirmed via social media on Monday. The list contained registered TRUMP holders vying for an invitation to the president’s gala dinner to be hosted at Trump National Golf Course in Washington, D.C. on May 22. The top 25 “VIP” holders, including Sun, also receive access to an exclusive reception and special tour alongside the dinner....
NewsCoins
4 min read
Logan HitchcockMay 20, 2025
Create an account to save your articles.
Fidelity, Ark Funds Pull In $343M As Bitcoin ETF Flows Spike
Bitcoin ETFs have seen their best day of trading since the start of May, with smaller funds enjoying healthy inflows. Fidelity's Wise Origin Bitcoin Fund (FBTC), the second-largest spot ETF in the U.S., saw its net assets rise by $188 million in just 24 hours, per data from SoSoValue. Meanwhile, the ARK 21Shares Bitcoin ETF (ARKB)—in fourth place after the Grayscale Bitcoin Trust—clocked inflows of $155 million, with the two funds between them accounting for more than half of the funds invested...
NewsCoins
3 min read
Connor SephtonMay 20, 2025
Create an account to save your articles.

Coin Prices