The front-end compromise redirects users to a fake site that injects malicious code designed to drain wallets.
Pepe News
The official website for the PEPE meme coin has been compromised by attackers, redirecting users to malicious links. Blockaid's cybersecurity system identified a front-end attack on Thursday containing Inferno drainer code.
"Blockaid detected Inferno drainer code on the Pepe front-end, matching a known drainer family we regularly identify," the company's Threat Intelligence Team told Cointelegraph. The front-end compromise redirects users to a fake site that injects malicious code designed to drain wallets.
Inferno Drainer is a suite of scam tools employed by threat actors, including phishing website templates, wallet drainers, and social engineering tools. The cybersecurity incident highlights ongoing vulnerabilities in the memecoin sector as attackers target popular token websites.
The price of PEPE did not react immediately to the hack. The memecoin is up by about 4% over the last 24 hours, but has declined more than 77% over the last 12 months.
Users are encouraged to stay clear of the site until the issue is resolved. This latest attack demonstrates the ongoing need for vigilance among crypto users as a defense against phishing scams and other cybersecurity threats.
Inferno Drainer usage tripled in 2024, according to Blockaid, despite the team behind Inferno Drainer claiming they would shutter the scam service in 2023. "At the beginning of the year, we saw about 800 new malicious Inferno Drainer DApps per week. Now, that number has tripled to 2,400 per week," Oz Tamir, a former Blockaid engineer, told Cointelegraph in August 2024.
Since that time, the Inferno Drainer group and suite of tools have been linked to several social engineering scams, social media exploits, and malware-related crypto thefts. The attackers have targeted multiple high-profile accounts and platforms to distribute malicious links.
Blockaid's system continues monitoring for Inferno Drainer activity across decentralized applications and websites. The security firm regularly identifies new variations of the drainer family as attackers adapt their tactics to evade detection systems.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
