
Wallet drainers have stolen billions from crypto users, and almost none of it involved a stolen password or a hacked blockchain. It involved victims signing transactions they did not understand. This guide explains how drainers actually work, the token-approval mechanism they exploit, the drainer-as-a-service industry that industrialized the theft, the specific signatures that give attackers everything, and exactly how to protect a wallet, and revoke the approvals that may already be dangerous.
The most successful theft technique in crypto does not break into anything. It asks permission, and the victim grants it. Wallet drainers, malicious tools that empty a crypto wallet of its tokens and NFTs in a single approved transaction, have stolen billions of dollars from hundreds of thousands of victims, and the striking fact about nearly every case is that the blockchain worked perfectly, the cryptography held, and no password was ever stolen. The victim was tricked into signing a transaction that authorized the theft, and the chain, doing exactly what it is designed to do, executed the authorization faithfully.
This is the defining feature of the drainer era: the attack surface moved from the protocol to the person. Blockchains made stealing coins by breaking the math effectively impossible, so thieves stopped trying, and turned instead to the one component no cryptography can secure, the human deciding what to sign. Drainers are the industrialized product of that shift, packaged tools sold as a service to non-technical criminals, complete with the phishing infrastructure to lure victims and the smart contracts to sweep their assets the instant they approve.
This guide explains the whole machine. It covers how blockchain approvals work and why they are the vulnerability, the anatomy of a drainer attack from lure to sweep, the specific malicious signatures, approvals, permits, and the notorious blind-signing transactions, that hand attackers everything, the drainer-as-a-service industry that turned wallet theft into a franchise business, the lures that deliver victims, and the concrete defenses, including how to find and revoke the dangerous approvals that may be sitting in your wallet right now.
Approvals: the feature that became the weapon
To understand drainers, understand token approvals, because the entire attack is an abuse of a legitimate and necessary feature. When you use a decentralized application, a DEX, a lending protocol, an NFT marketplace, it needs permission to move your tokens on your behalf. Instead of approving every single transaction individually, the standard mechanism lets you grant a smart contract an allowance: permission to spend up to some amount of a specific token from your wallet, so the application can operate smoothly without asking each time.
This is convenient and, used honestly, safe. The problem is what the mechanism permits when abused. Approvals can be for unlimited amounts, a single signature can authorize a contract to move all of a token you will ever hold, and they persist, an approval you granted once stays active until you revoke it, sometimes for years, quietly retaining permission to drain that token long after you have forgotten the transaction. A malicious contract that obtains an unlimited, persistent approval to your most valuable token holds a standing key to that portion of your wallet, and it can use that key whenever it chooses, including long after the moment you signed.
Drainers exist to obtain exactly those approvals by deception. The attacker’s entire goal is to get you to sign a transaction that grants a malicious contract permission over your assets, and everything else, the fake websites, the urgent messages, the impersonated brands, is machinery built to manufacture that one signature. Once granted, the theft is not a hack; it is the contract exercising a permission you authorized, which is why drainer thefts are so hard to reverse and why the blockchain offers the victim no recourse: from the protocol’s view, nothing went wrong at all.
Anatomy of a drainer attack
A drainer attack runs a consistent sequence, and knowing it makes the danger legible. It begins with a lure: the victim encounters something designed to get them to connect a wallet and sign, a fake version of a real project’s website, a fraudulent airdrop claim, a malicious link in a hacked social media account, a counterfeit minting page for the kind of memecoin launch that draws crowds to sign in a hurry, a poisoned search result or ad. The lure’s job is to place the victim in front of a wallet-signing prompt while they believe they are doing something legitimate, claiming a reward, minting an NFT, verifying an account, connecting to a familiar app.
Then comes the signature request, the heart of the attack. The malicious site prompts the victim’s wallet to sign a transaction, and the transaction is crafted to grant the attacker’s contract permission over the victim’s assets, an unlimited token approval, a permit signature, or a batched authorization covering multiple assets at once. To the victim, the prompt often looks routine, and modern drainers work hard to make it look exactly like the legitimate action the victim expects, disguising the malicious approval as the connection or claim they came to perform. The wallet, correctly, shows a signing prompt; the victim, believing it is benign, approves.
The sweep follows instantly. The moment the approval lands, the drainer’s infrastructure moves the authorized assets out of the wallet, often within the same block, racing through the same priority-ordering infrastructure that powers all on-chain extraction, frequently prioritizing the most valuable tokens first and using automation to drain everything the signature authorized before the victim understands what happened. The stolen assets are then laundered through mixers and cross-chain routes, the same obfuscation path every major theft follows, tracing that the on-chain analytics industry pursues but rarely reverses, and by the time the victim notices, the assets are gone and the approval that authorized their loss is often still active, ready to sweep any new tokens that arrive. The entire sequence, lure to sweep, can complete in seconds, and its speed is why prevention, not reaction, is the only real defense.
The signatures that give everything away
Not all malicious signatures are equal, and the most dangerous ones are worth knowing by name, because recognizing them is the difference between a close call and an empty wallet.
The unlimited approval is the classic: a signature granting a contract permission to spend an unlimited quantity of a specific token. Legitimate apps sometimes request these for convenience, which is exactly what makes them dangerous, victims are habituated to approving them, and a malicious contract with an unlimited approval can drain that token entirely, then and later. The permit signature is subtler and more dangerous still: newer token standards allow approvals to be granted through an off-chain signed message rather than an on-chain transaction, which means a victim can authorize a drain by signing what looks like a harmless message, with no gas fee and no obvious transaction, making permit-based attacks especially deceptive because they bypass the mental alarm that an explicit approval transaction might trigger. Batched or delegated signatures, which authorize actions across multiple assets or grant broad control in one approval, let a single signature hand over an entire wallet’s worth of holdings at once.
Underlying all of them is the deepest problem: blind signing. A hardware wallet or software wallet protects your keys, but it often cannot tell you, in plain language, what a complex transaction actually does, showing instead an opaque hash or an inscrutable data blob. When a victim cannot read what they are authorizing, they are trusting the website’s description of the transaction instead of the transaction itself, and drainers exploit exactly that gap, presenting a benign story while the signature underneath authorizes theft. Blind signing is the single largest vulnerability in self-custody, the same failure mode behind the industry’s largest institutional heists, and it is why the defenses that matter most are the ones that make transactions readable before they are signed.
Drainer-as-a-service: theft as a franchise
What turned wallet draining from a scattered nuisance into a billion-dollar industry was a business-model innovation: drainer-as-a-service. Instead of every thief building their own tools, sophisticated developers built drainer kits, complete packages including the malicious smart contracts, the phishing-site templates, the asset-sweeping automation, and even customer support, and rent or license them to non-technical criminals in exchange for a cut of the stolen funds, commonly a percentage of every drain.
This franchising is why drainers scaled so catastrophically. It removed the skill barrier: a criminal with no coding ability can now deploy a professional-grade draining operation by subscribing to a service, pointing it at a lure, and splitting the proceeds with the developers. The kits compete on effectiveness, evolving rapidly to defeat wallet warnings, evade detection, and improve their deception, an arms race funded by the theft itself. Notorious drainer services have processed staggering sums across tens or hundreds of thousands of victims, losses on the scale of the exploits that drain entire protocols before shutting down, rebranding, or being succeeded by imitators, and the model’s resilience is structural: take one down and the demand, the tools, and the developers simply reconstitute under a new name. The industry has professionalized the way legitimate software did, with tiers, updates, and support, applied entirely to the manufacture of malicious signatures.
The scale, and why it kept growing
The numbers behind the drainer era explain why it commands this much attention. Across the phenomenon’s peak years, drainer operations collectively stole billions of dollars from hundreds of thousands of wallets, with individual services processing hundreds of millions before retiring or rebranding, and the losses concentrated not among careless novices but across the full spectrum of users, including experienced holders who signed one bad transaction in a moment of routine. The growth curve tracked the service model’s spread: as kits became easier to rent and more effective at defeating wallet warnings, the number of operators multiplied, and the total harm scaled with them.
Two dynamics made the problem stubborn. The first is the arms race: every improvement in wallet security, transaction warnings, phishing-site blocklists, approval alerts, was met by drainer developers adapting their kits to evade it, funded by the theft itself, so defenses and attacks co-evolved without either side winning permanently. The second is the reconstitution problem: because the model is a service, not a fixed operation, dismantling any single drainer, through law enforcement, exchange cooperation, or the developers simply cashing out, removes a brand but not the demand, the expertise, or the tooling, which reappear under new names. The industry has proven as resilient as any legitimate software market, for the same reasons: low barriers to entry, strong demand, and continuous iteration, all pointed at manufacturing malicious signatures.
A drainer in slow motion
Walking one composite attack at human speed makes the abstract sequence concrete. A user sees a post from what appears to be a project they follow, an official-looking account, announcing a surprise airdrop with a claim deadline in hours. The urgency is deliberate. They click the link, which leads to a site that is a pixel-perfect clone of the real project, reached through a domain one character off from the genuine one. The site invites them to connect their wallet to check eligibility, a routine, harmless-feeling action, and they do. It reports they qualify for a substantial allocation and prompts them to sign a transaction to claim it.
The prompt is the trap. What the site describes as a claim is, underneath, a request to grant the attacker’s contract an unlimited approval over the user’s most valuable token, or a permit signature authorizing the same through a gasless message that looks even more innocuous. The user, excited about the airdrop and reassured by the familiar-looking site, reads the site’s benign description instead of the transaction’s true content, which their wallet may show only as an opaque blob, and approves.
Within the same block, the drainer sweeps the authorized token out of the wallet, and if the signature was broad, moves to the next asset. Minutes later the user checks the real project’s channels and finds no airdrop existed. The approval that authorized the theft is still active, and unless revoked, it will sweep any replacement tokens that arrive. Every step felt normal; the entire loss flowed from a single signature signed in a manufactured hurry, which is the drainer’s whole design in miniature.
The lures: how victims are delivered
The drainer contracts are only half the machine; the other half is the lure infrastructure that delivers victims to the signing prompt, and its variety is worth cataloguing because recognition is defense. Fake airdrops and token claims exploit greed and urgency, promising free tokens that require connecting a wallet and signing to claim. Impersonation sites clone real projects pixel for pixel, reached through poisoned search ads, typosquatted domains, or links posted from compromised official accounts, so victims believe they are on the genuine site. Fake mints and limited-edition drops manufacture scarcity and time pressure, rushing victims past caution. Compromised social media accounts, including verified and official ones, post malicious links to trusting followers. Direct messages offering support, opportunities, or warnings lure victims to malicious sites. And malicious ads placed on search engines and social platforms put fraudulent sites above the real ones.
The common thread is psychological: every lure engineers a state, excitement, urgency, trust, fear of missing out, in which the victim is primed to sign without scrutiny. The technical sophistication of the drainer is almost secondary to the social engineering of the lure, because the entire attack depends on catching the victim in a moment where they approve first and think later. This is why the most effective defense is not technical but behavioral, a standing refusal to sign anything from a state of urgency, and it is also why attackers invest so heavily in manufacturing that urgency.
Defense, and revoking what may already be dangerous
Protecting a wallet against drainers comes down to a set of habits and one maintenance task most users have never performed. The habits: treat every signing request as a decision, not a formality, and never sign from a state of urgency, since urgency is the attack. Verify sites independently, typing known URLs or using bookmarks instead of clicking links, ads, or search results. Be intensely suspicious of anything free, unexpected, or time-pressured, the emotional signatures of a lure. Use a wallet that decodes and simulates transactions, showing in plain language what a signature will actually do before you approve it, which directly attacks the blind-signing vulnerability, and refuse to sign anything you cannot read. Keep serious holdings in a hardware wallet, and better still a dedicated cold wallet that never connects to applications at all, so that the wallet you use for interacting with dapps holds only what you can afford to lose. And treat unlimited approvals with particular caution, granting only the allowance an interaction actually needs where possible.
The maintenance task is revoking approvals, and it is the one most users skip. Every approval you have ever granted is still active until revoked, which means old, forgotten permissions, including any malicious ones you may have signed without consequence yet, sit in your wallet as standing risk. Approval-checking tools, including those built into major wallets and block explorers, let you see every active approval on your wallet, which contracts can spend which tokens, and revoke the ones you do not recognize or no longer need. Reviewing and revoking approvals periodically closes the standing doors that drainers rely on, and doing it now, especially revoking any unlimited approvals to unfamiliar contracts, is the single highest-value security action most crypto users can take and have not.
The honest summary is that drainers are the mature form of crypto theft in an era where the cryptography cannot be broken: the industry secured the code so thoroughly that criminals abandoned it for the human, and built a professional industry around manufacturing the one thing self-custody cannot prevent, a victim’s own signature on a malicious transaction. No blockchain upgrade fixes this, because nothing went wrong with the blockchain, and the defense is correspondingly human, informed suspicion, readable transactions, minimal exposure, and revoked approvals.
The technology gave everyone the power to be their own bank, and drainers are the standing reminder that being your own bank means being your own security department, and that the most important firewall in crypto is the pause between reading a signing request and approving it.
One last framing worth carrying away: drainers are the price of self-custody’s greatest strength. The same property that lets you hold assets no bank can freeze, final authority over your own signature, is the property attackers turn against you, because a signature you were tricked into making is as final as any other. There is no support line to reverse it and no institution to absorb the loss, which is exactly the trade self-custody offers, total control in exchange for total responsibility. The good news is that the responsibility is discharged by a handful of learnable habits and one overdue afternoon spent revoking old approvals, and the users who internalize them are, in practice, extremely hard to drain. The firewall is you; this guide is its manual.
Disclaimer: This article is for educational purposes only and does not constitute investment or security advice. Digital asset self-custody carries significant risk, and no practice eliminates it. Details are current as of July 9, 2026. Always do your own research.
Frequently asked questions
What is a wallet drainer in simple terms?
A wallet drainer is a malicious tool that empties a crypto wallet of its tokens and NFTs after tricking the owner into signing a transaction that authorizes the theft. It does not steal passwords or break the blockchain; it abuses the legitimate approval mechanism that lets apps move your tokens, obtaining that permission through deception and then sweeping the assets. The blockchain executes the theft as an authorized action.
How do drainers steal crypto without hacking anything?
They exploit the human, not the technology. Blockchains let you grant smart contracts permission to move your tokens, and drainers trick you into granting that permission to a malicious contract, usually through a fake website or airdrop that presents a benign-looking signing prompt. Once you approve, the contract moves your assets legitimately, from the protocol’s perspective, which is why nothing is technically hacked and the theft is hard to reverse.
What is a token approval and why is it dangerous?
A token approval is permission you grant a smart contract to spend your tokens, so apps can operate without asking for each transaction. It becomes dangerous when the approval is unlimited and persistent: a single signature can authorize a contract to move all of a token, and the permission stays active until revoked. A malicious contract with such an approval holds a standing key to that part of your wallet.
What is blind signing?
Blind signing is approving a transaction whose true effect you cannot read, typically shown as an opaque hash or data blob, not a plain-language description. Because you cannot see what you are authorizing, you trust the website’s story about the transaction instead of the transaction itself, which is exactly what drainers exploit. It is the single largest vulnerability in self-custody, and readable, simulated transactions are the direct defense.
What is drainer-as-a-service?
Drainer-as-a-service is the business model that industrialized wallet theft: skilled developers build complete draining kits, malicious contracts, phishing templates, sweeping automation, even support, and rent them to non-technical criminals for a cut of the stolen funds. It removed the skill barrier, letting anyone run a professional draining operation, which is why drainers scaled to billions in losses and why taking one service down rarely stops the problem.
How can I tell if a signing request is malicious?
You often cannot tell from the request alone, which is the danger, so the defense is process rather than detection. Never sign from a state of urgency, verify sites independently instead of clicking links, be suspicious of anything free or time-pressured, and use a wallet that decodes and simulates transactions to show in plain language what a signature will do. If you cannot read what you are authorizing, do not sign it.
What should I do if I think I signed a malicious approval?
Act immediately: use an approval-checking tool, such as those built into major wallets or block explorers, to find and revoke the malicious approval before it drains new assets, since the permission stays active until revoked. Move any remaining assets to a fresh, secure wallet. If a drain already occurred, the stolen funds are usually unrecoverable, but revoking stops further theft through the same approval.
How do I protect my wallet from drainers?
Combine habits and hygiene: treat every signature as a decision and never sign under urgency, verify sites independently, use a transaction-decoding wallet and refuse to sign what you cannot read, keep serious holdings in a cold wallet that never touches apps, grant minimal rather than unlimited approvals, and periodically review and revoke active approvals. Revoking old and unlimited approvals is the highest-value action most users have never done.
Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.
