Crypto Wallet Drainers: A Survival Guide

Kai | of Senjō
Aug 31, 2023

If you never want to fall victim to one of these… Pay attention!

It’s a horrible feeling, isn’t it? You decided to connect to a dApp or website that asks you for a wallet signature without carefully checking the message… And the next thing you know all of your cryptocurrency and NFT assets have disappeared… Yes… you’ve just been drained!

These scams are so widespread that it’s estimated criminals in the Crypto, Web3 and NFT spaces steal billions of dollars a year, with 95% of these crimes being hacks, taking advantage of users like you and me. Coupled with the rapid expansion and adoption of blockchain technology and cryptocurrencies (despite the USA’s best attempts), this is a cause for major concern!

What they are & How they work

Unless you remain aware of every interaction you make using your crypto wallets (e.g. MetaMask, Phantom, etc.) it can be very easy to fall for any one of the tactics used by scammers aiming to drain your wallet. In general, wallet drainers are based on an automatically executing smart contract that, when interacted with via the chosen medium, activates transactions that move the targeted assets from your wallet to another. Here’s a short video to demonstrate how they work:

It should be noted that in most instances the smart contract in question still requires a manual signature from the owner of the targeted wallet in order to commence the drain (however, there have been some instances where signatures are not necessary for a drain to occur) so it’s of vital importance that you are aware of every transaction you sign as well as every decentralized app (dApp) you allow your wallet to connect to.

How to Identify Them: Common Things to Look Out For

Now, here’s the really hard part — identifying these potentially dangerous sites is becoming increasingly challenging due to the evolving sophistication of the approaches used by the criminals involved. Most of the time it’s fairly obvious that there’s something not quite right with the site or dApp you’re interacting with… But other times these sites and dApps can look and function identically to the real deal which is where most users lose their cryptocurrency. Unfortunately, it’s almost impossible to know 100% of the time if a site or dApp you’re connecting to is legit or not due to the decentralized nature of the space — but there are some key things that should start to set off alarm bells in your head such as:

  • Sites or dApps offering “free airdrops” where you have to connect your wallet and sign a message
  • A random NFT in your wallet that claims to offer you a cash reward by following a link
  • People on X (formerly Twitter), Discord or Telegram sending you links while claiming to help you make money
  • Anyone asking you to test a dApp (for example a company asking you to test their videogame) but you have to download software onto your computer (which often turns out to be malware)
  • Messages or DMs from people claiming that you’ve won a giveaway you never entered and, in order to claim the prize, you have to follow certain steps and/or share sensitive information

While more examples of potentially suspicious activities exist, these are extremely common methods and tactics within the Crypto, Web3 and NFT spaces that veterans are highly familiar with and will warn you to look out for. One of the most important pieces of advice I could give you is to only interact with trusted websites from trusted people and use the official links wherever possible. Not everyone has your best interests in mind, so make sure you do your own research (DYOR) and take the necessary steps to protect yourself.

A KEY Tip to Remember: Take the Time… And Read the Signs!

This section won’t be a big one but may be the most important in this entire article, so pay attention! Having your own cryptocurrency wallet means you’re the one in complete control of the assets within. This is great if you, like a lot of others, have lost faith in the traditional financial systems after their continued failures over the years — but this freedom and control comes at a cost. You become 100% responsible for every single transaction that occurs on your wallet with very little in the way of protection, and being vigilant about the messages you sign is the key to remaining safe.

Be aware of safe vs dangerous sign messages by paying attention to the written messages when it comes time to sign any transactions with your wallet. If in doubt, refer to this example!

Signatures for transactions are your primary protection mechanism when it comes to interacting with sites and dApps. You should always be sure to triple check every signature you intend to sign with your cryptocurrency wallet and ensure there are no unwanted consequences from a transaction. Think about it as if you’re having renovations done to your house: you have a contract of things that need to be done for a set price; the work is carried out; but in the end the payment is five times more than you expected and you sign for the work without looking… Would you ever allow that to happen? Always take the time and understand what you’re signing — otherwise you may lose more than you planned for!
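To make the safe-versus-dangerous distinction concrete, here is an added example (not part of the original article) that triages a wallet request by its standard Ethereum JSON-RPC method and, for transactions, by the token-approval function being called. It goes beyond the text in naming specific methods and function selectors; the helper names assessRequest and decodeApproval are hypothetical, and Node.js is assumed for Buffer.

```javascript
// Added example, not the article's code. Helper names are hypothetical.
// Selectors of standard token functions that let a third party move assets later.
const APPROVAL_SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0x39509351": "increaseAllowance(address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
};

// Decode an approval call: 4-byte selector followed by two 32-byte ABI words.
function decodeApproval(data) {
  const hex = (data || "0x").toLowerCase();
  const signature = APPROVAL_SELECTORS[hex.slice(0, 10)];
  if (!signature || hex.length !== 138) return null;
  return {
    signature,
    spender: "0x" + hex.slice(34, 74),   // low 20 bytes of the first word
    value: BigInt("0x" + hex.slice(74)), // amount or token id, or 0/1 for the bool
  };
}

// Classify one wallet JSON-RPC request before it is signed.
function assessRequest({ method, params }) {
  if (method === "eth_sign") {
    return { risk: "high", why: "opaque hash: the wallet cannot show what it authorizes" };
  }
  if (method === "personal_sign") {
    const raw = params[0];
    const text = /^0x[0-9a-f]*$/i.test(raw) ? Buffer.from(raw.slice(2), "hex").toString("utf8") : raw;
    return { risk: "review", why: "plain-text message: " + text };
  }
  if (method === "eth_signTypedData_v4") {
    const typed = typeof params[1] === "string" ? JSON.parse(params[1]) : params[1];
    if (/^Permit/.test(typed.primaryType)) {
      return { risk: "high", why: "off-chain token approval for " + typed.message.spender };
    }
    return { risk: "review", why: "typed data: " + typed.primaryType };
  }
  if (method === "eth_sendTransaction") {
    const call = decodeApproval(params[0].data);
    if (!call) return { risk: "review", why: "no approval call: check recipient and value" };
    if (call.value === 0n) {
      return call.signature.startsWith("approve")
        ? { risk: "review", why: "ERC-20 revoke, or approval of NFT id 0, for " + call.spender }
        : { risk: "low", why: "grants nothing to " + call.spender };
    }
    return { risk: "high", why: call.signature + " gives " + call.spender + " control of assets" };
  }
  return { risk: "review", why: "unrecognized method: " + method };
}
```

A "review" result is not a pass: it means the request carries no approval pattern this check knows, so the recipient, value and message text still need to be read before signing.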

The Secret Recovery Phrase & Protecting the Safety of your Wallet

Now, there are plenty of other steps you can take to maintain the safety of your assets such as using a burner wallet with little to no assets on it for interactions, never interacting with links unless from official sources, and using certain forms of staking to lock assets on a wallet — but one of the most overlooked ways to stay safe is also the most obvious… Never share your wallet’s secret recovery phrase with anyone!

An example of a wallet recovery phrase

This phrase should ideally be stored offline in various places (such as a notepad and sticky notes) as it acts as one of the foundations of your wallet’s protection systems. And while we’re on the subject of protecting your wallet, don’t make a habit of sharing your main wallet everywhere either… All it takes is one mistake, or one exceptionally determined hacker, to take the time and effort necessary to part you from your hard-earned cryptocurrency!

Summary

The decentralised world of cryptocurrencies can be an intimidating place for the uninitiated… There’s so much to learn and be mindful of. It’s important you take the time to properly understand the basics of the space (especially related to wallets) in order to ensure you’re prepared.

Throughout your time in the space you’ll interact with thousands of dApps and sites — it’s important you know that not all of these are safe! A great way to protect yourself is to understand the differences between legitimate and suspicious sites. Remember, even if a site or dApp looks safe it could be hiding a nasty surprise!

Your final layer of protection when interacting with these sites is the all-important transaction signature — so always pay attention to it. Make sure you understand the transactions you are agreeing to and, if in doubt, always reject the transaction until you are ready.

Protection of your wallet and its assets (cryptocurrencies, NFTs, etc.) starts with ensuring you operate with safety in mind. Never share your private key with anyone and do your best to keep your primary wallet connected to as few sites and dApps as possible. And while all of this advice is no guarantee of safety, arming yourself with this knowledge now will make you infinitely safer in the future!

Kai | of Senjō

A Writer and Content Creator for various Web2 and Web3 projects covering a wide variety of platforms and topics.