Putting Inferno Drainer Group Out of Business

January 4, 2024

Inferno is a wallet drainer group that boasts about its $80M+ in revenues generated through over 1,000 malicious dApp URLs which they’ve used to scam unfortunate web3 users around the world.

From February 2023 until its recent “shutdown” last month, the group's method was to deploy these URLs via fake or hacked accounts impersonating blockchain figures and entities, including Vitalik Buterin, Arbitrum, Optimism, OpenSea, and Layer Zero Labs. Their stealthy approach tricked users into connecting their crypto wallets, which would immediately be drained.

Blockaid made it harder for Inferno to operate

Why did they decide to shut down? The answer lies in their internal Telegram chat, where they explicitly mention Blockaid’s partnership with MetaMask as a challenge to their business:

It’s no surprise that the partnership is making it tough for Inferno, as Blockaid’s proprietary Internet-wide dApp scanning and transaction simulation and validation are making those wallets immune to Inferno attacks. Here is the number of Inferno attacks on Blockaid-enabled wallets, meaning the number of instances in which a user of a Blockaid-enabled wallet tries to connect the wallet to the dApp and is warned not to.

dApp Scanning warnings are even keeping these users from navigating to the malicious dApp in the first place, so attacks on these wallets are nearly non-existent.

Inferno stopped launching new onchain dApps

It’s quite the operation: all the dedicated personnel, underlying onchain infrastructure, and network of agents and attackers. As one of the largest decentralized attacker groups, Inferno has registered nearly 1000 unique domains, each a unique dApp that connects back to their wallet drainer onchain infrastructure.

Here’s a graph of those domains deployed over time since late June, showing that they have indeed stopped launching net new dApps in any large numbers and seem to have launched no new dApps since mid-October.

Yet their infrastructure continues to profit off people who aren’t protected by Blockaid

Yet they still continue to profit daily from already-deployed infrastructure, as we can see from the number of wallets that connected to Inferno onchain infrastructure from January to December 2023:

But over that same time period we see that, internet/web3-wide, users are still connecting their wallets to Inferno infrastructure even to this day.

Closer examination shows that even on Christmas Day 2023 alone they stole nearly $800k from web3 users.

The solution is more Blockaid-protected wallets and dApps

Over the past few months, major crypto wallets and dApps including OpenSea, MetaMask, Rainbow, 1inch, and Zerion have integrated with Blockaid to protect users from these wallet-draining scams. This new security layer is what stalled Inferno’s operations. And we’re pleased to be part of putting the group out of business.

Yet, despite this setback, the threat persists. The previously used URLs are estimated to still generate roughly $500,000 monthly in passive income. Furthermore, Inferno is just one of the groups — Blockaid is also investigating the methods and strategies employed by the Angel drainer group, who perpetrated the Ledger Connect Kit Hack last month.

While much progress has been made to make drainers’ lives difficult, the fact that so many web3 users are still impacted makes it hard for newcomers to trust the space. We believe that by solving onchain security, we can help enable the immense potential of web3 for billions of people around the world. And we’re just getting started.
