Overview

A drainer is a malicious smart contract or script designed to automatically steal assets from connected wallets. Drainers are commonly deployed through phishing sites that trick users into signing malicious transactions.
Drainer attacks have caused hundreds of millions in losses. Never sign transactions on unfamiliar websites or approve unlimited token allowances.

How Drainers Work

  1. Phishing Site: Victim visits a fake website mimicking a legitimate project
  2. Wallet Connection: Site requests wallet connection (appears normal)
  3. Malicious Approval: User signs a transaction granting unlimited token approvals
  4. Asset Theft: Drainer contract transfers all approved assets to attacker
  5. Speed: Entire process can happen in seconds

Types of Drainer Attacks

Approval-Based Drainers

  • Request ERC-20 token approvals
  • Can drain all approved tokens at any time
  • Most common type

NFT Drainers

  • Target NFT collections
  • Often use setApprovalForAll function
  • Can steal entire collections in one transaction

Permit-Based Drainers

  • Use EIP-2612 permit signatures
  • No on-chain approval transaction required
  • Harder to detect before execution

Native Token Drainers

  • Trick users into signing ETH transfers
  • Often disguised as minting or claiming functions

Detection Indicators

Tag                      Severity  Description
drainer                  High      Address associated with known drainer activity
minter-drainer           High      Token minter involved in drainer operations
owner-drainer            High      Token owner is a known drainer
minter-fundflow-drainer  High      Minter fund flow linked to drainers
owner-fundflow-drainer   High      Owner fund flow linked to drainers

Common Drainer Tactics

  • Fake airdrops: “Claim your free tokens” phishing
  • Fake mints: Impersonating popular NFT drops
  • Compromised Discord/Twitter: Links posted from hacked accounts
  • SEO poisoning: Fake sites ranking for popular project searches
  • Typosquatting: Domains similar to legitimate projects

API Example

curl -X GET "https://api.webacy.com/addresses/0x123...?chain=eth" \
  -H "x-api-key: YOUR_API_KEY"

Response indicating drainer activity:

{
  "overallRisk": 95.0,
  "issues": [
    {
      "tag": "drainer",
      "severity": "high",
      "description": "Address related to drainer activity that automates draining assets"
    }
  ]
}

Protection Strategies

  1. Verify URLs - Always check you’re on the official website
  2. Review approvals - Use our Approval Risks endpoint
  3. Limit approvals - Only approve exact amounts needed
  4. Revoke old approvals - Regularly audit and revoke unused approvals
  5. Use hardware wallets - Provide an extra signing verification step
  6. Check before signing - Read transaction details carefully
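
One way to apply the "limit approvals" and "check before signing" steps to the approval-based and NFT drainer types described above, as an added example that is not Webacy's code. The function name, the 2**255 "unlimited" threshold and the sample spender address are assumptions made for illustration.

```python
# Added example (not Webacy code): review a transaction's calldata before signing.
# Selectors are the first 4 bytes of keccak256 of the standard signatures.
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255       # assumption: at or above this is "unlimited"


def review_calldata(data_hex, needed_amount=None):
    """Return a list of warnings for one transaction's `data` field."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return ["calldata is not valid hex"]
    selector, args = raw[:4].hex(), raw[4:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return []  # not an approval call; other checks are out of scope here
    if len(args) < 64:
        return ["truncated approval calldata"]
    spender = "0x" + args[12:32].hex()          # address is right-aligned in word 1
    value = int.from_bytes(args[32:64], "big")  # amount, or bool for NFTs
    if selector == SET_APPROVAL_FOR_ALL:
        if value != 0:
            return [f"setApprovalForAll: {spender} can move the whole collection"]
        return []  # approved=false is a revocation
    if value >= UNLIMITED_THRESHOLD:
        return [f"unlimited ERC-20 approval to {spender}"]
    if needed_amount is not None and value > needed_amount:
        return [f"approval of {value} exceeds the {needed_amount} needed"]
    return []


def _word(n):
    return n.to_bytes(32, "big").hex()

# Constructed sample inputs; the spender address is made up.
SPENDER = int("11" * 20, 16)
SAMPLE_UNLIMITED = "0x" + APPROVE + _word(SPENDER) + _word(MAX_UINT256)
SAMPLE_EXACT = "0x" + APPROVE + _word(SPENDER) + _word(1000)
SAMPLE_NFT_ALL = "0x" + SET_APPROVAL_FOR_ALL + _word(SPENDER) + _word(1)

if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_EXACT, SAMPLE_NFT_ALL):
        print(review_calldata(sample, needed_amount=1000))
```

Permit-based drainers rely on an off-chain signature, so there is no calldata of this shape to inspect; this check covers only on-chain approve and setApprovalForAll calls.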