Security & Privacy

Drainer (Crypto Scam)

A malicious smart contract or phishing tool designed to steal all tokens and NFTs from a wallet upon approval.

A drainer is a type of malicious smart contract or script designed to steal all valuable assets from a victim's wallet through deceptive approval transactions. Drainers are typically deployed on phishing websites that mimic legitimate DeFi applications and are sold as turnkey scam kits on underground markets.

How It Works

A drainer operates through a phishing website that prompts the victim to connect their wallet and sign one or more transactions. These transactions appear harmless — often disguised as a token claim, NFT mint, or wallet verification — but actually contain calls to approve(), setApprovalForAll(), permit(), or direct transfer() functions that grant the attacker control over the victim's assets.

Modern drainer kits are sophisticated software packages that automatically scan the victim's wallet, identify all valuable tokens and NFTs across multiple chains, and generate optimized drain transactions that extract maximum value. Some drainers use permit signatures (EIP-2612) that do not require an on-chain approval transaction, making them harder to detect — the victim signs an off-chain message that the attacker later submits to move tokens.
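The signing requests described above can be recognised mechanically before a user approves them. The following is an added example, not code from this page or from any wallet tool it names: it checks transaction calldata against the standard 4-byte selectors of the four calls mentioned and recognises an EIP-2612 Permit typed-data message. The risk labels, function names and sample spender address are assumptions made for illustration.

```javascript
// Added example (not from the original page): classify a signing request.
// Keys are the standard 4-byte selectors of the functions named above.
const WATCHED = {
  "095ea7b3": "approve",            // approve(address,uint256)
  "a22cb465": "setApprovalForAll",  // setApprovalForAll(address,bool)
  "a9059cbb": "transfer",           // transfer(address,uint256)
  "d505accf": "permit",             // EIP-2612 permit(owner,spender,value,deadline,v,r,s)
};
const MAX_UINT256 = (1n << 256n) - 1n;
const toAddress = (word) => "0x" + word.slice(24); // low 20 bytes of a 32-byte word
const toUint = (word) => BigInt("0x" + word);

// Inspect raw transaction calldata (hex string, 0x prefix optional).
function inspectCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const name = WATCHED[hex.slice(0, 8)];
  if (!name) return { risk: "unknown", reason: "selector not on watch list" };
  const w = hex.slice(8).match(/.{64}/g) || []; // ABI args as 32-byte words
  const need = name === "permit" ? 7 : 2;
  if (w.length < need) return { risk: "malformed", name };
  if (name === "permit") // args: owner, spender, value, ...
    return { risk: "high", name, counterparty: toAddress(w[1]), unlimited: toUint(w[2]) === MAX_UINT256 };
  const counterparty = toAddress(w[0]);
  const value = toUint(w[1]);
  if (name === "setApprovalForAll") // value is the bool: true grants, false revokes
    return { risk: value ? "high" : "low", name, counterparty, unlimited: value !== 0n };
  if (name === "approve" && value === 0n) // allowance of zero is a revocation
    return { risk: "low", name, counterparty, unlimited: false };
  return { risk: "high", name, counterparty, unlimited: name === "approve" && value === MAX_UINT256 };
}

// Inspect an EIP-712 typed-data request (the off-chain permit case).
function inspectTypedData(typed) {
  if (!typed || typed.primaryType !== "Permit" || !typed.message)
    return { risk: "unknown", reason: "not an EIP-2612 Permit message" };
  const { spender, value } = typed.message;
  return { risk: "high", name: "permit (off-chain)", counterparty: spender,
           unlimited: BigInt(value) === MAX_UINT256 };
}

// Constructed sample: unlimited approve() to a made-up spender address.
const SAMPLE_SPENDER = "11".repeat(20);
const SAMPLE_APPROVE = "0x095ea7b3" + "0".repeat(24) + SAMPLE_SPENDER + "f".repeat(64);
console.log(inspectCalldata(SAMPLE_APPROVE));
```

A result of "high" on a page that claimed to offer a mint or claim is the mismatch to act on; "unknown" only means the call is not one of the four watched here, not that it is safe.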

Drainer-as-a-service (DaaS) platforms provide ready-made phishing infrastructure, including website templates, smart contracts, and Telegram-based dashboards. The DaaS operator typically takes a 20-30% cut of stolen funds, making draining accessible to non-technical scammers.

Why It Matters

Drainers have become the dominant tool for crypto theft targeting individuals, responsible for hundreds of millions of dollars in losses annually. Their effectiveness stems from increasingly convincing phishing sites that are difficult to distinguish from legitimate protocols, combined with transaction prompts that most users do not fully understand.

Protection requires vigilance at multiple levels: bookmark legitimate DeFi sites and never follow links from messages, use wallet security tools that simulate transactions before signing, understand what approval transactions actually authorize, and consider using separate wallets for different purposes — keeping high-value assets in a wallet that rarely interacts with new contracts.

Real-World Example

A scammer creates a fake NFT airdrop site that looks identical to a popular NFT marketplace. Victims are directed to the site through Twitter ads and Discord DMs. When a victim clicks "Claim Airdrop," their wallet prompts a setApprovalForAll transaction for their NFT collection. If approved, the drainer's backend immediately sweeps all NFTs from the wallet, lists them for sale on legitimate marketplaces, and splits the proceeds between the scammer and the DaaS platform.

Common questions about Drainer (Crypto Scam) in cryptocurrency and DeFi.

Look for approval transactions (approve, setApprovalForAll, permit) when you expect a different action like minting or claiming. Use wallet security extensions like Pocket Universe or Wallet Guard that simulate transactions and warn about suspicious approvals. If a site asks you to sign a message that looks like random data, it may be a permit signature that can drain your tokens.

No, a drainer requires you to sign at least one transaction or message. Your wallet will always prompt you before any on-chain action. However, the prompt may be misleading — drainers rely on users not understanding what they are signing. This is why transaction simulation tools and careful review of every signing request are essential.

Immediately revoke all token approvals granted in the session using Revoke.cash. Check your recent transactions for any approvals you did not intend. If you signed a permit message, the attacker may not have used it yet — transfer your valuable assets to a new wallet as quickly as possible. Report the phishing site to community channels and platforms like chainabuse.com.
