Fake airdrop SMS to KuCoin users stir data leak concerns

Though scammers behind the Inferno Drainer malware announced the closure in 2023, new reports indicate that more bad actors are the targeting KuCoin community.

In an X post shared on Feb. 22, a web3 security advocate known as CryptoShields.eth disclosed a screenshot of an SMS message falsely asserting there’s a KCS airdrop, implying eligibility for the recipient despite the absence of any legitimate airdrop.

While it’s unclear who is exactly behind the campaign, CryptoShields.eth asserts that the activity is linked to Inferno Drainer, a well-known scam-as-a-service platform that publicly declared its shutdown in August 2023.

According to data from Whois, the domain mentioned in the text messages was registered via Squarespace on Feb. 13. At the time of writing, KuCoin has not issued any public statements on the matter. It also remains unclear whether the latest development signifies a full-scale scam attack, potentially facilitated by an internal breach at KuCoin.

The fraudulent website claims to host an ongoing airdrop of KCS tokens, offering users the opportunity to obtain free tokens. Interested participants are required to provide a signature via their non-custodial wallet to “prove ownership of wallet.” However, numerous reports have shown that scammers usually put malicious codes on their websites, causing users’ wallets to lose funds when they provide signatures to interact with their wallets.