What is a crypto drainer?
A crypto drainer is a malicious script designed to steal cryptocurrency from your wallet. Unlike regular phishing attacks that try to capture login credentials, a crypto drainer tricks you into connecting your wallet, such as MetaMask or Phantom, and unknowingly authorizing transactions that grant the attacker access to your funds.
Disguised as a legitimate Web3 project, a crypto drainer is usually promoted via compromised social media accounts or Discord groups. Once you fall prey to the fraud, the drainer can instantly transfer assets from the wallet.
Crypto drainers are a growing threat in Web3, enabling quick, automated theft of crypto assets from unsuspecting users through deception. They may take various forms. Common methods include:
- Phishing websites.
- Fake airdrops.
- Deceptive ads.
- Malicious smart contracts.
- Harmful browser extensions.
- Fake NFT marketplaces.
Crypto drainers-as-a-service (DaaS), explained
DaaS elevates the threat of crypto drainers by commercializing them. Just like software-as-a-service (SaaS) platforms, DaaS platforms sell ready-to-use malware kits to cybercriminals, often in exchange for a percentage of the stolen funds.
In the DaaS model, developers offer turnkey draining scripts, customizable phishing kits and even integration help in exchange for a share of the stolen funds. A DaaS offer might be bundled with social engineering support, anonymization services and regular updates, making it attractive even to low-skill scammers.
Types of crypto DaaS tools include:
- JavaScript-based drainers: Malicious JavaScript is embedded into phishing websites that mimic legitimate decentralized apps (DApps). These scripts execute when you connect your wallet, silently triggering approval transactions that drain assets.
- Token approval malware: Tricks users into granting unlimited token access via malicious smart contracts.
- Clipboard hijackers: These monitor the clipboard and replace copied wallet addresses with ones controlled by attackers.
- Info-stealers: They harvest browser data, wallet extensions and private keys. Some DaaS packages combine these with loader malware that drops additional payloads or updates the malicious code.
- Modular drainer kits: Segregated into modules, these drainers use obfuscation techniques to bypass browser-based security tools.
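A defensive check for the token approval pattern described in the list above, written as an added example (not code from the original article): it decodes transaction calldata before signing and flags unlimited ERC-20 allowances and collection-wide NFT operator approvals. The function name inspectCalldata, the 2^255 "unlimited" threshold and the sample addresses are assumptions made for this example.

```javascript
// Added example: flags risky approval calls in EVM transaction calldata.
// Selectors are the standard ERC-20 / ERC-721 / ERC-1155 function selectors.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;
// Assumption: amounts at or above 2^255 are treated as effectively unlimited.
const UNLIMITED_THRESHOLD = 1n << 255n;

function inspectCalldata(data, trustedSpenders = []) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 8) {
    return { risky: false, reason: "not a contract call" };
  }
  const signature = SELECTORS[hex.slice(0, 8)];
  if (!signature) return { risky: false, reason: "not an approval call" };
  // Both arguments are ABI-encoded as 32-byte words after the 4-byte selector.
  if (hex.length < 8 + 128) {
    return { risky: true, signature, reason: "truncated approval calldata" };
  }
  const spender = "0x" + hex.slice(8 + 24, 8 + 64); // low 20 bytes of word 0
  const value = BigInt("0x" + hex.slice(8 + 64, 8 + 128)); // amount or bool
  const trusted = trustedSpenders.map((a) => a.toLowerCase()).includes(spender);

  let risky = false;
  let reason = "bounded approval";
  if (signature.startsWith("setApprovalForAll")) {
    risky = value !== 0n;
    reason = risky ? "operator gets control of the whole collection"
                   : "operator approval revoked";
  } else if (value >= UNLIMITED_THRESHOLD) {
    risky = true;
    reason = "unlimited token allowance";
  }
  if (risky && trusted) { risky = false; reason = "spender is allow-listed"; }
  return { risky, signature, spender, value, reason };
}

// Constructed sample calldata (the spender address is made up for this example).
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SPENDER = "0x" + "ab".repeat(20);
const SAMPLE_UNLIMITED = "0x095ea7b3" + pad(SPENDER) + MAX_UINT256.toString(16);
const SAMPLE_BOUNDED = "0x095ea7b3" + pad(SPENDER) + pad((10n ** 18n).toString(16));
const SAMPLE_NFT_ALL = "0xa22cb465" + pad(SPENDER) + pad("1");

for (const tx of [SAMPLE_UNLIMITED, SAMPLE_BOUNDED, SAMPLE_NFT_ALL]) {
  console.log(inspectCalldata(tx).reason);
}
```

The allow-list parameter is there so that known spenders, such as a router you already use, do not raise the flag on every approval.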
Did you know? According to Scam Sniffer, phishing campaigns using wallet drainers siphoned off over $295 million in NFTs and tokens from unsuspecting users in 2023.
What crypto DaaS kits include
Crypto DaaS kits are pre-built toolsets sold to scammers, enabling them to steal digital assets with minimal technical skill. These kits typically include phishing page templates, malicious smart contracts, wallet-draining scripts and more.
This is what crypto DaaS kits generally include:
- Pre-built drainer software: Plug-and-play malware requiring minimal setup.
- Phishing kits: DaaS providers supply customizable phishing website templates that hackers can modify according to their plans.
- Social engineering: DaaS providers offer support for social engineering, along with psychological tactics to trick users into connecting their wallets.
- Operational security (OPSEC) tools: To avoid detection, some DaaS vendors offer advanced operational security tools that mask user identity and hide digital footprints.
- Integration assistance and/or obfuscation: These services help attackers deploy drainer scripts seamlessly and use obfuscation tools to evade tracking.
- Regular updates: Frequent improvements are designed to bypass wallet defenses and detection systems.
- User-friendly dashboards: Control panels that help attackers oversee operations and monitor drained funds.
- Documentation and tutorials: Step-by-step instructions enabling even beginners to execute scams efficiently.
- Customer support: Some DaaS operators provide real-time help through secure messaging apps like Telegram.
With DaaS kits available for as little as $100 to $500, or through subscription models, sophisticated crypto attacks are no longer limited to experienced hackers. Even the inexperienced can now access these scripts with a small budget, effectively democratizing this type of crime.
Did you know? Advanced DaaS tools often update their scripts to evade detection by browser extensions like WalletGuard and security alerts issued by MetaMask or Trust Wallet.
Evolution of crypto drainers as prominent fraudulent activity
The threat landscape of cryptocurrency fraud is constantly evolving. Emerging around 2021, crypto drainers have rapidly transformed the landscape. Their ability to stealthily siphon funds from users’ wallets has made…
cointelegraph.com