Wallet Drainer

A wallet drainer is a piece of malicious code embedded in dApps that is designed to deceive users into signing malicious transactions. Once the user signs, attackers can swiftly drain all available funds and assets—often without the user realizing it until it's too late.

‍

These attacks are cleverly disguised as legitimate activities: enticing airdrops, exclusive giveaways, and even apps posing as well-known services.

‍

Many wallet drainers are developed by threat actors operating under a Drainer-as-a-Serivce model. These group offer a one-click solution for deploying new malicious dApps, and their customers are responsible for getting users to interact with the dApps. The revenues are then shared between the attacker who deployed the dApp and the group who developed the draining kit.