Wallet Drainer

Definition

A wallet drainer is a crypto scam tool that tricks you into approving or signing transactions that let attackers transfer assets out of your wallet.

What is a wallet drainer?

A wallet drainer is malicious software (usually a fake website or dApp) designed to steal crypto by persuading a user to connect a wallet and then authorize actions that give the attacker a path to move funds. Unlike “hacks” that break blockchain rules, drainers abuse normal wallet features—approvals, signatures, and transaction prompts—so the theft can look like something the user “allowed.” Wallet drainers are a core topic in any discussion of crypto wallet scams and how to avoid them, because they rely on social engineering more than technical exploits and can affect any wallet that interacts with Web3 apps.

Wallet drainer crypto

In wallet drainer scams, the attacker’s goal is to get a victim to click “Confirm” on something that appears routine: claiming an airdrop, minting an NFT, verifying a wallet, or joining a whitelist. The drainer site often imitates a real brand, uses lookalike domains, and pushes urgency (“limited claim window”) to reduce careful review. Once the wallet is connected, the drainer presents a transaction or message that is intentionally confusing, sometimes bundling multiple actions. This is where approval phishing is common: the user is prompted to grant a token allowance (permission) that later enables the attacker to pull tokens from the wallet.

Crypto drainer

A crypto drainer is a broader label for the same class of phishing-driven theft tools across chains and wallet types. The key idea is that the attacker doesn’t need your seed phrase if they can get you to authorize the right on-chain permissions or signatures. Many drainers combine two tactics: signature phishing (getting you to sign a message that authorizes something you didn’t intend) and on-chain approvals that create ongoing access to specific tokens. After the initial interaction, the attacker’s infrastructure monitors the victim address and quickly executes transfers—often prioritizing the most liquid assets first. Some operations also include “sweeper” logic that repeatedly checks for new deposits and drains them until permissions are revoked.

Drainer script

A drainer script is the code that powers the scam experience: wallet connection prompts, transaction building, signature requests, and automated routing of stolen assets. In practice, this script can detect the chain, query token balances, and decide whether to request an approval, a direct transfer, or a signature-based authorization. Modern drainers are frequently sold or rented as drainer as a service, where a provider supplies the code, templates, and dashboards while affiliates handle distribution (spam, fake ads, compromised social accounts, or impersonation in Discord/Telegram). This “productization” matters because it lowers the skill required to run a drainer campaign: an affiliate may not understand smart contracts deeply, but can still deploy a convincing site, collect victims, and share proceeds with the service operator.

Why wallet drainers matter

Wallet drainers matter because they exploit the trust layer of self-custody: the user interface and the user’s decision-making, not the blockchain’s cryptography. As more activity moves on-chain—trading, minting, staking, governance—users are asked to sign more often, which increases the chance of a single bad approval or deceptive signature. The damage can also persist: an unlimited token allowance granted during approval phishing may allow repeated theft until revoked, even if the victim never revisits the scam site. Understanding wallet drainers is therefore essential to reducing losses from crypto wallet scams, especially by learning to scrutinize approvals, verify domains, and treat unexpected signature requests as high-risk events.
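A pre-signing check for the approval prompts described above, as an added example that is not part of the original page: it decodes raw transaction calldata and flags unlimited ERC-20 allowances and NFT operator grants. The function name `reviewCalldata`, the risk labels and the sample spender address are assumptions made for illustration.

```javascript
const MAX_UINT256 = (1n << 256n) - 1n;

// Standard 4-byte function selectors for approval-type calls.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 (ERC-721 reuses it with a token ID)
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator grant
};

// Hypothetical helper: classify the calldata a wallet is about to sign.
function reviewCalldata(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { risk: "unknown", reason: "not valid calldata" };
  }
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return { risk: "none", reason: "not an approval-type call" };
  // Both arguments are ABI-encoded as 32-byte words after the selector.
  if (hex.length < 8 + 128) {
    return { risk: "unknown", reason: "truncated arguments", fn };
  }
  const spender = "0x" + hex.slice(8 + 24, 8 + 64); // low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(8 + 64, 8 + 128));
  if (fn.startsWith("setApprovalForAll")) {
    return value === 0n
      ? { risk: "none", reason: "operator access revoked", fn, spender }
      : { risk: "high", reason: "operator can move every NFT in the collection", fn, spender };
  }
  // Assumes the target contract is an ERC-20 token, so word 2 is an amount.
  if (value === 0n) return { risk: "none", reason: "allowance set to zero", fn, spender };
  if (value === MAX_UINT256) return { risk: "high", reason: "unlimited allowance", fn, spender };
  return { risk: "review", reason: "limited allowance", fn, spender, value };
}

// Constructed sample: approve(0x1111...1111, 2^256 - 1); not from a real transaction.
const SAMPLE = "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);
console.log(reviewCalldata(SAMPLE));
```

A "high" result for a spender the user does not recognize is the case to reject; a "review" result still warrants checking the spender address against the project's published contracts.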

Frequently Asked Questions

How does a wallet drainer steal crypto without a seed phrase?

A wallet drainer typically steals by getting you to approve a transaction, grant a token allowance, or sign a deceptive message. Those authorizations can be enough for an attacker to transfer tokens or NFTs using normal on-chain permissions. No private key theft is required if the user is tricked into consenting.

What is the difference between approval phishing and signature phishing?

Approval phishing tricks you into granting an allowance so a malicious address can later spend your tokens. Signature phishing tricks you into signing a message that authorizes an action you didn’t intend, sometimes enabling immediate transfers or permission changes. Both rely on misleading prompts rather than breaking wallet security.

Can a wallet drainer take ETH or only tokens?

Drainers can target many asset types, including tokens and NFTs, and may also attempt to get you to sign or confirm a direct native-asset transfer. However, token theft is often done via allowances, while native assets usually require an explicit transaction approval. The exact capability depends on what you sign or confirm.

What is drainer as a service?

Drainer as a service is a criminal business model where a provider sells or rents wallet-draining tooling to affiliates. The provider supplies the drainer script, templates, and sometimes infrastructure, while affiliates focus on luring victims. Profits are typically shared through a commission or revenue split.

What should I do if I interacted with a wallet drainer?

Immediately revoke token allowances you don’t recognize, move remaining assets to a fresh wallet, and stop using the compromised address for new deposits. Also check connected sites and permissions in your wallet and disconnect anything suspicious. If NFTs were targeted, review approvals for NFT operators as well.
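One way to find allowances that still need revoking, as an added example that is not part of the original page: it replays ERC-20 `Approval` event logs for one owner address and returns the approvals that are still non-zero. The log objects mirror the shape returned by `eth_getLogs`, with `blockNumber` and `logIndex` already parsed to numbers; `openAllowances` and all addresses are constructed for illustration.

```javascript
// keccak256("Approval(address,address,uint256)"): topic0 of the ERC-20 Approval event.
const APPROVAL_TOPIC =
  "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925";
const topicToAddress = (topic) => "0x" + topic.slice(-40).toLowerCase();

// Replays Approval logs in chain order; the last value per (token, spender) wins.
// Logs are a starting point only: spending can reduce an allowance without a new
// event, so confirm each hit against the token's allowance(owner, spender) view.
function openAllowances(logs, owner) {
  const latest = new Map();
  const ordered = [...logs].sort(
    (a, b) => a.blockNumber - b.blockNumber || a.logIndex - b.logIndex
  );
  for (const log of ordered) {
    // ERC-721 Approval shares topic0 but indexes tokenId (4 topics); skip it here.
    if (log.topics[0] !== APPROVAL_TOPIC || log.topics.length !== 3) continue;
    if (topicToAddress(log.topics[1]) !== owner.toLowerCase()) continue;
    const token = log.address.toLowerCase();
    const spender = topicToAddress(log.topics[2]);
    latest.set(token + ":" + spender, { token, spender, amount: BigInt(log.data) });
  }
  return [...latest.values()].filter((entry) => entry.amount > 0n);
}

// Constructed sample data: placeholder addresses, not real contracts or wallets.
const OWNER = "0x" + "aa".repeat(20);
const SPENDER = "0x" + "bb".repeat(20);
const TOKEN_A = "0x" + "a1".repeat(20);
const TOKEN_B = "0x" + "b2".repeat(20);
const word = (hex) => "0x" + hex.replace(/^0x/, "").padStart(64, "0");
const mkLog = (token, owner, amountHex, blockNumber, logIndex) => ({
  address: token,
  topics: [APPROVAL_TOPIC, word(owner), word(SPENDER)],
  data: word(amountHex),
  blockNumber,
  logIndex,
});
const SAMPLE_LOGS = [
  mkLog(TOKEN_A, OWNER, "f".repeat(64), 100, 0), // unlimited approval
  mkLog(TOKEN_B, OWNER, "f".repeat(64), 110, 3), // unlimited approval
  mkLog(TOKEN_A, OWNER, "0", 120, 1),            // later revoked
  mkLog(TOKEN_B, "0x" + "cc".repeat(20), "1", 115, 0), // different owner
];
console.log(openAllowances(SAMPLE_LOGS, OWNER));
```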
