Crypto-Drainers: A New Money-Stealing Trend

2025-04-24
White Blue Ocean Blog

With the growth of cryptocurrency over the past two decades, a new threat has emerged that targets cryptocurrency owners: crypto-drainers. Crypto-drainers are malicious software that rapidly empties crypto wallets by automatically siphoning off either all of the assets they contain or just the most valuable ones, and funneling them into wallets controlled by cybercriminals. What makes crypto-drainers particularly dangerous is their speed and stealth: transactions are executed so quickly and covertly that victims often don’t realise what has happened until it is too late, and recovery of the stolen assets is virtually impossible.

How do Crypto-Drainers work?
Modern crypto-drainers are largely automated systems designed to rapidly drain funds from victims’ cryptocurrency wallets. They can determine the value of the crypto assets within a wallet, identify the most valuable ones, create malicious transactions and siphon off the assets extremely quickly and efficiently – all while obfuscating the fraudulent transactions to make them difficult to detect or understand.
Before the automated draining process begins, however, the attackers take several preparatory steps. First, they create a counterfeit web page that mimics the design, branding and domain structure of a legitimate cryptocurrency project. Within the crypto community, projects tend to use trendy, similar-looking domain extensions; bad actors exploit this by registering lookalike domains, making victims believe they are on legitimate pages.
To drive traffic to these fraudulent sites, attackers use a variety of social engineering tactics. Some of the most popular are promises of airdrops, where free tokens or coins are given out to promote a new project, and counterfeit NFT minting opportunities, which appeal to collectors hoping to acquire limited-edition digital assets. Both lures are well known and widely sought after in the crypto community, making them particularly effective at drawing in unsuspecting victims.
Once a user engages with the site and believes they are claiming a legitimate reward, they are prompted to sign a transaction generated by the drainer. This transaction might directly transfer funds to the scammer’s wallet or, more subtly, grant token approvals that allow a malicious smart contract to move the user’s assets. In either scenario, once the transaction is approved, the valuable contents of the wallet are swiftly and irreversibly transferred to the attacker.
One Million Dollars Stolen in Minutes
One of the most renowned examples of a crypto-drainer was the theft of 14 Bored Ape NFTs from an NFT collector in December 2022, with a total value of over $1 million. The elaborate scam began when a scammer posing as a casting director from a real Los Angeles-based movie studio, Forte Pictures, contacted an NFT collector offering to feature his NFTs in a fictional film project. To reinforce the deception, the scammer built a lookalike fraudulent website for the film, complete with production credits, and invented a partner platform called “Unemployd” – a supposedly AI-powered social IP platform for NFTs. The scammer went so far as to fabricate social media activity and fake Twitter Spaces, and even staged interactions with other high-profile accounts to appear credible.
After weeks of back-and-forth, the victim was directed to sign what appeared to be a standard licensing agreement via the Unemployd platform. In reality, this was a cleverly disguised crypto-drainer. When the collector signed the transaction, they unknowingly authorised a contract function that transferred ownership of all 14 Bored Ape NFTs to the scammer’s wallet in exchange for 0.00000001 ETH, about $0.001 at the time. Once the assets were in the scammer’s wallet, they were immediately liquidated on NFT marketplaces, generating approximately 852.86 WETH (Wrapped Ether), which was then swapped for around $1.07 million. Although this was one of the more elaborate crypto-drainer scams, it shows how attackers can weaponise social engineering and deceptive smart contracts to execute thefts that appear legitimate on the surface but are irreversible once confirmed on the chain.
How to Protect Crypto Assets
As cybercriminals operating crypto drainers become increasingly sophisticated, there are various measures that can be taken to significantly reduce the likelihood of falling victim to these attacks:
1. Use cold wallets for long-term storage - Store most high-value assets in cold (offline) wallets, which are not connected to the internet and are therefore immune to most remote attacks. Only transfer funds to hot (online) wallets when necessary.
2. Avoid concentrating assets in one wallet - Distribute holdings across multiple wallets. This limits exposure if a single wallet is compromised.
3. Revoke unused permissions regularly - Tools are available to audit and revoke any token approvals or smart contract permissions that are no longer in use. Many crypto drainers exploit lingering approvals to silently access wallets.
4. Scrutinise transaction prompts - Leverage browser extensions or wallet add-ons that clearly display the function and risk of each transaction. These tools help identify malicious approvals or contract interactions before they’re confirmed.
5. Be cautious with links and domains - Avoid clicking on unsolicited links shared via social media or email. Double-check domain names and be wary of trendy or misspelled URLs that imitate known projects.
6. Stay vigilant while browsing - Revisit URLs carefully – a single misplaced letter or unusual page element could signal a fake site. If anything feels off, stop and verify through trusted channels.
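The approval mechanism described under "How do Crypto-Drainers work?" and the transaction-prompt scrutiny in step 4 can be illustrated with a small pre-signing check. The following is an added example, not code from the original post or from any wallet product: a dependency-free function that decodes the ABI calldata of the three ERC-20/ERC-721 calls drainers rely on (`approve`, `setApprovalForAll`, `transferFrom`) and returns a risk verdict before the user confirms. The function selectors are the standard 4-byte IDs of those functions; all addresses and the sample transaction are constructed placeholders.

```javascript
const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",        // ERC-20
  "0xa22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155
  "0x23b872dd": "transferFrom(address,address,uint256)",
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Split hex calldata into the 4-byte selector and 32-byte ABI words.
function decodeCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const words = [];
  for (let i = 8; i + 64 <= hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector: hex.length >= 8 ? "0x" + hex.slice(0, 8) : null, words };
}
const asAddress = (w) => "0x" + w.slice(24); // last 20 bytes of the word
const asUint = (w) => BigInt("0x" + w);

// Classify a pending tx {from, to, data} before the user signs it.
// `trusted` is a Set of lowercase operator/spender addresses the user has vetted.
function assessTransaction(tx, trusted = new Set()) {
  const { selector, words } = decodeCalldata(tx.data || "0x");
  const fn = SELECTORS[selector];
  if (!fn) return { risk: "low", reason: "no approval/transfer selector" };
  if (fn.startsWith("setApprovalForAll") && words.length >= 2) {
    const operator = asAddress(words[0]);
    if (asUint(words[1]) !== 0n && !trusted.has(operator))
      return { risk: "high", reason: `grants ${operator} control of every token in ${tx.to}` };
  }
  if (fn.startsWith("approve") && words.length >= 2) {
    const spender = asAddress(words[0]), amount = asUint(words[1]);
    if (amount === MAX_UINT256 && !trusted.has(spender))
      return { risk: "high", reason: `unlimited allowance for ${spender}` };
    if (amount > 0n && !trusted.has(spender))
      return { risk: "medium", reason: `allowance of ${amount} for unvetted spender ${spender}` };
  }
  if (fn.startsWith("transferFrom") && words.length >= 3) {
    const from = asAddress(words[0]), to = asAddress(words[1]);
    if (from === tx.from.toLowerCase() && !trusted.has(to))
      return { risk: "high", reason: `moves token ${asUint(words[2])} from your wallet to ${to}` };
  }
  return { risk: "low", reason: `${fn} with vetted counterparty` };
}

// Constructed sample: setApprovalForAll(operator, true) sent to a hypothetical
// NFT collection, the pattern behind "sign this licensing agreement" lures.
const SAMPLE_TX = {
  from: "0x" + "1".repeat(40), // placeholder victim wallet
  to: "0x" + "2".repeat(40),   // placeholder NFT contract
  data: "0xa22cb465" + "0".repeat(24) + "dead".repeat(10) + "0".repeat(63) + "1",
};
```

A wallet add-on would surface the `reason` string in the confirmation dialog; the same decoder can be run over a wallet's past transactions to list the approvals worth revoking under step 3.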
