A recent cyberattack targeted users of CoinMarketCap, a widely used cryptocurrency data platform, resulting in the theft of more than $43,000 in crypto assets from 110 users. The attackers leveraged a malicious toolkit known as Inferno Drainer to execute the scheme.
How the Attack Worked
The scammers embedded a convincing wallet connection prompt directly into CoinMarketCap’s interface. This prompt, which asked users to “Verify Your Wallet” to access site features, mimicked legitimate pop-ups, leaving users with little reason to doubt its authenticity.
According to leaked communications from a Telegram channel called TheComms Leaks, the fraudulent prompt appeared across nearly every page of the CoinMarketCap site, maximizing the number of potential victims. Attackers even discussed making the prompt appear as users loaded the site, increasing the likelihood of wallet connections. Once users connected their wallets through the fake prompt, Inferno Drainer quietly siphoned off all available assets from those wallets.
About Inferno Drainer
Inferno Drainer is a well-known “scam-as-a-service” toolkit that provides ready-made code for phishing and wallet-draining attacks. It is offered to cybercriminals in exchange for a percentage (typically 20–30%) of the stolen funds. Since its emergence, Inferno Drainer has been linked to the theft of millions of dollars in crypto assets, operating across multiple blockchains such as Ethereum, Arbitrum, Polygon, and BNB Chain.
Inferno Drainer and similar scam services have become a significant threat to the crypto community, with total losses attributed to Inferno Drainer exceeding $5.9 million from thousands of victims globally. Even after its supposed shutdown, affiliates and copycats continue to pose risks to cryptocurrency users.
