Bad actors targeting crypto assets continue to use a variety of tactics to steal user funds, including private key theft, smart contract exploits, price manipulation attacks and many other methods.

In recent years, scammers have increasingly turned to “crypto drainer” tools. These tools have affected many cryptocurrency users, including celebrities such as Mark Cuban and Seth Green, and some “crypto drainer” tools have stolen millions of dollars from victims.

What is a crypto drainer?

A crypto drainer is a phishing tool designed for the web3 ecosystem. Instead of stealing victims' usernames and passwords, the operators of these tools masquerade as web3 projects and lure victims into connecting their cryptocurrency wallets to the “drainer” and approving transaction proposals that give the operator control of the funds in the wallet. If successful, the operators can drain the wallet's funds immediately. Operators often promote their fake web3 sites in Discord communities and through hijacked social media accounts.

An example of a “drainer” pretending to be the US Securities and Exchange Commission (SEC) was discovered by Chainalysis in January 2024, shortly after the SEC's official Twitter/X account was taken over. The tool prompted users to connect their wallets to receive fake tokens through an airdrop.

Effects of crypto drainers

It is difficult to track the total amount of money stolen by “drainer” tools, as many scams go unreported. However, it is possible to analyze the activity of the tools first reported by Chainalysis customers, since those phishing schemes and similar activities are recorded in the Chainalysis database.

As the chart below shows, the quarterly growth in value stolen by “drainer” tools even surpasses the growth in value stolen by ransomware, a crime category identified as growing rapidly, especially in recent years.

After stealing digital assets from victims' wallets, criminals operating “drainer” tools often use various cryptocurrency services to launder the funds or convert them into cash. In the next chart, we see that the amount sent by “drainer” tools to coin mixing services for these purposes has increased since 2021, while the amount sent to centralized exchanges has decreased. Some “drainer” tools are also using gambling services, albeit on a smaller scale.

Additionally, in 2022 and 2023, “drainer” tools sent most of their stolen funds to various DeFi services such as decentralized exchanges, bridges and swap services, because all of the assets stolen by “drainer” tools are easy and practical to move through DeFi, unlike Bitcoin.

Bitcoin's first crypto drainer

Currently, most “drainer” tools operate within the Ethereum ecosystem. However, Chainalysis recently identified an unusual “drainer” on the Bitcoin blockchain. The operators of the tool created a website impersonating Magic Eden, the main NFT platform for Bitcoin Ordinals. As of April 2024, this tool had stolen about 500,000 USD in more than 1,000 malicious transactions.

Although Bitcoin is not as widely used as other assets for web3 services, there have been several other Bitcoin “drainer” tools that exploit Ordinals trading communities.

How to avoid crypto drainers

As criminals operating “drainer” tools become more sophisticated, it will become increasingly important for web3 projects and users to deploy security measures to protect against malicious activity. These include:

  • Web3 security extensions like Wallet Guard can identify phishing pages and websites, and assess security risks associated with crypto wallets.

  • Users can minimize their exposure to “drainer” tools by using an offline wallet to store valuable or large-volume assets, and only transfer funds to the hot wallet when necessary.

  • Ecosystem participants should be wary of links promoted in chat rooms or on social networks, which may not be related to a project's official account.

  • If a wallet user needs to connect to an unfamiliar web3 website, they can create a temporary wallet that does not contain any assets and connect that wallet to the website instead.

  • If a victim's assets are being stolen by a “drainer”, the victim can cancel pending transactions.
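The transaction proposals a “drainer” asks a connected wallet to approve are the point where a security extension (like the Wallet Guard tool mentioned above) can intervene. The following is an added example, not code from the article or from Chainalysis: a pre-signing check that decodes an ERC-20 approve() or ERC-721/1155 setApprovalForAll() request and flags unlimited allowances and spenders the user has never approved before. The spender address and the sample request are constructed values.

```javascript
// Added example, not code from the article or from Chainalysis: a pre-signing
// check of the kind a wallet or browser extension can run on a transaction
// request before the user confirms it. The approve()/setApprovalForAll()
// selectors and calldata layout are the standard ERC-20/721/1155 ABI; the
// spender address and request below are constructed sample values.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",        // ERC-20 allowance
  "a22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155 operator
};
const UINT256_MAX = (1n << 256n) - 1n;

// Return the i-th 32-byte ABI word (after the 4-byte selector) as hex.
function word(data, i) {
  return data.slice(8 + 64 * i, 8 + 64 * (i + 1));
}

// Classify one wallet transaction request ({to, data}). trustedSpenders is an
// allow-list of lowercase addresses the user has deliberately approved before.
function analyzeRequest(tx, trustedSpenders = new Set()) {
  const data = (tx.data || "").toLowerCase().replace(/^0x/, "");
  const fn = SELECTORS[data.slice(0, 8)];
  if (!fn || data.length < 8 + 128) {
    return { fn: fn || "other", risk: "low", spender: null, reasons: [] };
  }
  const spender = "0x" + word(data, 0).slice(24); // address is right-aligned
  const arg = BigInt("0x" + word(data, 1));
  const reasons = [];
  if (fn.startsWith("approve") && arg === UINT256_MAX) {
    reasons.push("unlimited token allowance requested");
  } else if (fn.startsWith("setApprovalForAll") && arg === 1n) {
    reasons.push("operator rights over every token in the collection");
  }
  if (!trustedSpenders.has(spender)) {
    reasons.push("spender is not on the user's allow-list");
  }
  const risk = reasons.length >= 2 ? "high" : reasons.length === 1 ? "medium" : "low";
  return { fn, risk, spender, reasons };
}

// Constructed sample: a site asks for an unlimited allowance to an unknown address.
const SAMPLE_SPENDER = "0x" + "deadbeef".repeat(5);
const SAMPLE_REQUEST = {
  to: "0x" + "11".repeat(20), // constructed token contract address
  data: "0x095ea7b3" + "0".repeat(24) + SAMPLE_SPENDER.slice(2) + "f".repeat(64),
};
console.log(analyzeRequest(SAMPLE_REQUEST));
```

A real extension would also resolve the spender against known project contracts and show the decoded request in plain language instead of raw calldata; the classification logic above is the part that stays the same.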