> ## Documentation Index
> Fetch the complete documentation index at: https://docs.webacy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Drainers

> Learn how wallet drainer contracts steal crypto through phishing sites, malicious token approvals, and signature exploits, and how to stay safe.

## Overview

A **drainer** is a malicious smart contract or script designed to automatically steal assets from connected wallets. Drainers are commonly deployed through phishing sites that trick users into signing malicious transactions.

<Warning>
  Drainer attacks have caused hundreds of millions in losses. Never sign transactions on unfamiliar websites or approve unlimited token allowances.
</Warning>

## How Drainers Work

1. **Phishing Site**: Victim visits a fake website mimicking a legitimate project
2. **Wallet Connection**: Site requests wallet connection (appears normal)
3. **Malicious Approval**: User signs a transaction granting unlimited token approvals
4. **Asset Theft**: Drainer contract transfers all approved assets to attacker
5. **Speed**: Entire process can happen in seconds

## Types of Drainer Attacks

### Approval-Based Drainers

* Request ERC-20 token approvals
* Can drain all approved tokens at any time
* Most common type

### NFT Drainers

* Target NFT collections
* Often use `setApprovalForAll` function
* Can steal entire collections in one transaction

### Permit-Based Drainers

* Use EIP-2612 permit signatures
* No on-chain approval transaction required
* Harder to detect before execution

### Native Token Drainers

* Trick users into signing ETH transfers
* Often disguised as minting or claiming functions

## Detection Indicators

| Tag                       | Severity | Description                                    |
| ------------------------- | -------- | ---------------------------------------------- |
| `drainer`                 | High     | Address associated with known drainer activity |
| `minter-drainer`          | High     | Token minter involved in drainer operations    |
| `owner-drainer`           | High     | Token owner is a known drainer                 |
| `minter-fundflow-drainer` | High     | Minter fund flow linked to drainers            |
| `owner-fundflow-drainer`  | High     | Owner fund flow linked to drainers             |

## Common Drainer Tactics

* **Fake airdrops**: "Claim your free tokens" phishing
* **Fake mints**: Impersonating popular NFT drops
* **Compromised Discord/Twitter**: Links posted from hacked accounts
* **SEO poisoning**: Fake sites ranking for popular project searches
* **Typosquatting**: Domains similar to legitimate projects

## API Example

```bash theme={null}
curl -X GET "https://api.webacy.com/addresses/0x123...?chain=eth" \
  -H "x-api-key: YOUR_API_KEY"
```

Response indicating drainer activity:

```json theme={null}
{
  "overallRisk": 95.0,
  "issues": [
    {
      "tag": "drainer",
      "severity": "high",
      "description": "Address related to drainer activity that automates draining assets"
    }
  ]
}
```

## Protection Strategies

1. **Verify URLs** - Always check you're on the official website
2. **Review approvals** - Use our [Approval Risks](/api-reference/riskdd#wallet-risks) endpoint
3. **Limit approvals** - Only approve exact amounts needed
4. **Revoke old approvals** - Regularly audit and revoke unused approvals
5. **Use hardware wallets** - Provides extra signing verification step
6. **Check before signing** - Read transaction details carefully
