Crypto Drainers Retire as Law Enforcement Closes In

Crypto drainers, notorious for stealing funds from unsuspecting users, are facing increasing pressure from law enforcement as investigators uncover deeper connections between drainer services like Inferno Drainer and major attackers. Despite some of the most high-profile drainers, such as Inferno and Pink, announcing their retirements, victims continue to lose millions of dollars.

What Is a Crypto Drainer?

A crypto drainer typically tricks a user into connecting their wallet and approving a malicious transaction, which then empties the wallet of its funds. In October, over $20 million was lost to phishing schemes, according to Scam Sniffer. While the total volume decreased by 56% compared to September, the number of victims rose by 20%, highlighting the increasing reach of these scams.

Alex Katz, CEO of the internet security plugin Kerberus, noted that while the volume of draining incidents fluctuates, the rise in the number of victims is concerning.

Investigators Closing In

As crypto drainers face increasing scrutiny, law enforcement and cybersecurity firms are making significant strides in tracking down these criminals. Cos, the founder of MistTrack, believes that drainers are "shutting down" due to fear of getting caught. "They've made too much money, and continuing their operations only increases the risk of law enforcement discovering them or their accomplices," Cos told Cointelegraph.

For instance, Tether, the world’s largest stablecoin issuer, recently froze three wallets linked to drainer operations, following a request from law enforcement. These wallets were connected to a suspicious entity known as Konpyl, whose involvement in a $1.6 million scam using a fake Rabby wallet was uncovered by Cointelegraph. Investigations revealed links between Konpyl and the wallets of well-known drainers.

Drainer Services Going Dark

Crypto drainers typically exploit smart contract vulnerabilities, phishing attacks, or social engineering tactics to gain access to users' wallets. These draining tools are often marketed and sold as "scam-as-a-service" offerings, allowing malicious actors to conduct large-scale thefts for a fee.

Katz emphasized that drainers are not just isolated tools but full-fledged businesses, with developers taking a significant commission from the stolen funds. Popular services like Inferno, Pink, and Monkey Drainer have risen in notoriety, but these tools are now increasingly retiring. Inferno, for example, ceased operations in October, claiming that its services were now handled by a new entity, Angel Drainer.

Monkey Drainer, one of the first to adopt the SaaS (Software as a Service) model for crypto draining, shut down in March 2023, only for Inferno and Pink to take its place. Pink Drainer, developed by a former security expert, announced its retirement in May 2024, after reportedly stealing $85 million from over 21,000 victims. Inferno’s latest shutdown came shortly after Tether froze three associated wallets in mid-October.

Links Between Inferno Drainer and Konpyl

Onchain evidence suggests that Inferno Drainer is connected to Konpyl, with multiple wallets involved in draining operations. A notable example occurred in March 2024, when a victim lost $4.39 million in crypto to an attack involving Inferno Drainer. Some of the stolen tokens were routed through a wallet tied to Inferno, while others were consolidated and funneled into the DeFi platform CoW Protocol.

Further analysis of these fund movements uncovered connections to Konpyl, whose suspicious activities were also linked to a fake Rabby wallet scam. The wallets involved in the draining operations showed a consistent relationship with Konpyl’s known addresses.

While some experts, like Fantasy from Fairside Network, suggest these wallets might belong to Inferno’s customers rather than the drainer itself, the overall evidence points to a deeper involvement by Konpyl in the illicit activities.

The Role of Law Enforcement and Security Firms

Law enforcement agencies and cybersecurity firms are making it increasingly difficult for drainers to operate. Organizations like MistTrack, Scam Sniffer, and SEAL 911 are actively blacklisting illicit addresses, while browser extensions like Kerberus and wallet services such as Blockaid are enhancing security for users.

Despite the increasing pressure, Katz cautions that shutting down a drainer service doesn’t mean the criminals behind it are gone for good. "They may retire for now, but don't be fooled," Katz warned. "These criminals can rebrand, start fresh, and continue their operations under new names. Never trust them."

Conclusion

As law enforcement closes in on crypto drainers, many are choosing to retire, fearing detection and prosecution. However, the underlying threat remains, and new actors may simply take their place. While services like Inferno and Pink Drainer have shut down, the fight against crypto theft continues, with law enforcement and cybersecurity experts working tirelessly to track down and shut down these operations. The evolving tactics of crypto criminals and their ability to rebrand means that the battle against draining scams is far from over.