Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Business email compromise rackets still going strong, cybersecurity fi...
Infostealer threat group shows resilience despite major takedown and t...
Survey recaps well-known cybersecurity hurdles for Operational Technol...
AI model o3 defies shutdown commands autonomously, with code tampering
ATxEnterprise 2025 Boosts Global Participation, Reinforces Singapore&#...
LOGIN REGISTER
CybersecAsia
  • Conference 2025
  • Features
    • Featured

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Thursday, May 29, 2025, 5:04 PM Asia/Singapore | Features, Newsletter
    • Featured

      How the UAE proactively protects its digital economy

      How the UAE proactively protects its digital economy

      Monday, May 19, 2025, 2:16 PM Asia/Singapore | Features
    • Featured

      Navigating blockchain adoption amid rising security challenges

      Navigating blockchain adoption amid rising security challenges

      Wednesday, May 14, 2025, 12:32 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2024
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Conference 2025
  • Features
    • Featured

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Thursday, May 29, 2025, 5:04 PM Asia/Singapore | Features, Newsletter
    • Featured

      How the UAE proactively protects its digital economy

      How the UAE proactively protects its digital economy

      Monday, May 19, 2025, 2:16 PM Asia/Singapore | Features
    • Featured

      Navigating blockchain adoption amid rising security challenges

      Navigating blockchain adoption amid rising security challenges

      Wednesday, May 14, 2025, 12:32 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2024
  • Directory
  • E-Learning
News

Sophisticated crypto theft operation exploits phishing, smart contracts to steal millions

By CybersecAsia editors | Monday, May 26, 2025, 5:40 PM Asia/Singapore

Sophisticated crypto theft operation exploits phishing, smart contracts to steal millions

A new cybercrime campaign uses advanced phishing, obfuscated scripts, and malicious smart contracts to steal millions from unsuspecting cryptocurrency wallet holders.

According to the latest threat intelligence, a new wave of cryptocurrency thefts is being driven by a highly organized cybercrime operation calling itself Inferno Drainer that has refined the “Drainer-as-a-Service” model after claiming to exit the scene in November 2023.

This operation supplies cybercriminals with a toolkit of malicious scripts, smart contracts, and supporting infrastructure, enabling even low-skilled attackers to efficiently steal (or “drain”) digital assets from unsuspecting users’ wallets.

The attack chain typically begins with sophisticated phishing campaigns, often targeting members of crypto communities on platforms such as Discord. Then:

  • Attackers hijack expired vanity invite links or create fake bots that mimic trusted services, such as token-gated access management bots.
  • Once users are lured to these malicious servers, they are prompted to connect their wallets and sign seemingly legitimate transactions.
  • The phishing sites are convincing, closely imitating real interfaces and even displaying the user’s actual Discord credentials to lower suspicion.
  • The underlying malicious scripts are heavily obfuscated, employing multiple layers of string manipulation, dynamic function calls, and anti-debugging techniques to evade detection and analysis. Each phishing site receives a unique, frequently updated script, complicating automated discovery and takedown efforts.
  • A key innovation of this threat is its use of blockchain infrastructure to store critical configuration data and command server addresses. Rather than hardcoding these details, the scripts retrieve them from smart contracts on blockchains, using encrypted and encoded data that is difficult for defenders to analyze.
  • Communication with command servers is further shielded through rapidly rotating proxy servers and domains, often leveraging reputable platforms to avoid blacklisting.
  • The crypto theft itself is executed through a series of smart contracts that mimic legitimate token contracts but contain hidden logic. These contracts drain funds by exploiting wallet permissions or by prompting direct transfers. To bypass wallet security and blacklists, attackers employ short-lived contracts and frequently rotate receiving addresses. In some cases, tokens are sent to precomputed contract addresses that do not yet exist on-chain, making detection nearly impossible until after the theft occurs.

According to Eli Smadja, Group Manager, Check Point Research, the firm sharing its threat intelligence, over the past six months, this crypto threat operation has victimized more than 30,000 users, resulting in losses exceeding US$9m. The scale, technical sophistication, and relentless adaptation of tactics highlight the evolving threat landscape for cryptocurrency users.

Share:

PreviousRicoh IM C3010 Wins 2025 Pick Award from Keypoint Intelligence
NextHow to outsmart filename masquerading: A practical guide to safer file handling

Related Posts

OKCupid: A tale of potential dating disasters

OKCupid: A tale of potential dating disasters

Wednesday, August 5, 2020

Kroll: Social media emerges as a growing business risk

Kroll: Social media emerges as a growing business risk

Wednesday, October 2, 2019

Ten 2025 cyber predictions hinging on major 2024 cyber incidents          

Ten 2025 cyber predictions hinging on major 2024 cyber incidents          

Friday, January 3, 2025

Take note: fraudsters are digitalizing faster than the FI industry!

Take note: fraudsters are digitalizing faster than the FI industry!

Wednesday, February 15, 2023

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    With only a small IT team, the digital transformation has united operations across 30 locations, …Read more
  • Automating border control and security with facial recognition technology

    Automating border control and security with facial recognition technology

    Indonesia Immigration & Seaport Authorities enhances security and speeds up border control queues at Batam …Read more
  • Securing wealth advisory services without unnecessary friction: Endowus

    Securing wealth advisory services without unnecessary friction: Endowus

    The wealth advisory platform demonstrates its non-negotiable commitment to a robust security posture through partnering …Read more
  • LifeTech group sets up next-gen security operations center in Malaysia

    LifeTech group sets up next-gen security operations center in Malaysia

    By partnering with a unified cybersecurity platform, the firm will be offering cost-effective advanced SOC …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.