The last couple of years have shown one clear pattern: scams in crypto don’t follow the usual path. They don’t vanish after exposure. They pause, adapt, and return in new forms.

This year, the Inferno Drainer campaign showed once more how scams evolve. Launched in 2023 as a wallet-draining service and publicly declared shut down later that year, it has returned in 2025 - rebuilt, upgraded, and already responsible for millions in losses.

What Is Inferno Drainer, and Where Does It Happen?

Inferno Drainer is a scam built to empty crypto wallets. It doesn’t arrive as malware or a download. It spreads through the places where crypto communities gather - Discord servers, Telegram chats, and even official-looking social media accounts.

Inside those spaces, wallet checks are a normal step. Many projects use tools like Collab.Land to confirm that members really hold the required tokens before joining a community. You connect your wallet, sign a short request, and access is granted.

The renewed Inferno campaign copied that exact process. A fake page appears in the chat, urging members to verify or claim something. The wallet pop-up looks familiar, but instead of proving ownership, it hands control of the wallet to the attackers. Funds may vanish immediately, or much later, when the victim no longer remembers the click.

Confirmed Damage After the Return

In just six months since its resurgence, Inferno Drainer is estimated to have struck 30,000+ wallets and siphoned over $9 million in various crypto assets.

One of the most striking cases surfaced in September 2025, when a long-time DeFi trader watched $6.5 million vanish. His wallet had been active for years, tied to respected protocols like Lido and Aave. The attack began through a phishing flow in a community channel. A single “permit” approval, which looked routine at the time, became the opening. The attackers chained that signature across multiple contracts, moving funds in quick bursts before anyone could intervene.

Even more alarming, the story didn’t end there. Inferno Drainer has continued into October 2025, unfolding with even more sophisticated methods - including the compromise of the official BNB Chain X account used to push phishing links tied to the drainer.

How to stay EXTRA SAFE from the Inferno Drainer campaign?

For individual crypto holders:

• Treat every “connect” or “sign” as a risk. Pause. Read the popup. If the language says “approve unlimited allowance,” do not sign.

• Use a separate interaction wallet. Keep your holdings in a cold/hardware wallet. Only use a second, low-balance wallet for community verifications and NFT drops.

• Revoke old approvals regularly. Check and clear allowances on Etherscan or Revoke.cash - don’t leave permissions open forever.

• Use hardware wallets for any value over a few hundred dollars. They force a physical confirmation that stops remote scripts.

• Set alerts. Use on-chain alerting services to notify you of approvals or large outgoing transfers from addresses you care about.

For teams, projects, and communities:

• Pin official links and verification flows. Train moderators to only post vetted URLs — and rotate who can post links.

• Use read-only verification where possible. Favor checks that don’t require signing transactions (proof-of-hold through view-only APIs).

• Limit who can request wallet signatures in community channels. Treat verification prompts like security incidents, not routine tasks.

• Add friction for money moves. For org wallets use multi-sig, timelocks, and approval gates so a single signature can’t drain funds.

• Run regular drills and share real examples. Show the community the exact wallet popup that is malicious so members learn to spot it.

Whether you’re a crypto holder or part of a community team, use a secure communication tool like EXTRA SAFE for out-of-band confirmation. Whenever a wallet connect, signature, or verification is requested in Discord, Telegram, or similar spaces, start a quick 1:1 session in EXTRA SAFE with a trusted moderator, colleague, or teammate to make sure the request is legitimate before you sign.

Upon first opening, the app creates a permanent Ethereum-like account (with a public/private key pair)—the identity behind your EXTRA SAFE number. These keys stay on your device and are used to authenticate you (sign requests and set up sessions) and end‑to‑end encrypt your messages. Every session connects peer-to-peer by default and is secured with asymmetric encryption, ensuring privacy you can rely on.

Download the EXTRA SAFE app for iOS and Android. Prefer the browser version? Try it at extrasafe.chat

If You Think You Were Hit

Act fast and assume compromise: revoke approvals, move any remaining funds to a cold wallet (if you still control keys), notify your project and community, check on-chain flows, and contact centralized exchanges immediately if funds were moved there. If a signature gave allowance (not immediate drain), consider using a multisig or time delay to block withdrawals while you investigate.

About #EXTRASAFEcheck:

New security risks pop up every day, spreading faster than ever. From AI flaws to data leaks, even the most popular apps can pose hidden threats, affecting both teams and individual users. That’s why our monthly review brings you the most important updates to keep you informed and protected. Follow #EXTRASAFEcheck to spot risks early and make safer online choices.