Web3 Security Concepts: Wallet Drainers

Jammel Weaver, Rektify AI
3 min read, Jul 17, 2023

[Header image: "Web3 Security Concepts: Wallet Drainers" with the orange fox from the MetaMask logo.]

What is a Wallet Drainer?

A wallet drainer typically refers to a piece of software or code that drains all assets from a specific cryptocurrency wallet. Most, if not all, wallet drainers are automated.

Okay, so are wallet drainers malicious?

Not always. If your private key has been compromised, you may need a way to quickly transfer assets from one wallet to another. In this case, a wallet drainer can be a quick and effective way to automate the process. In most cases, however, they are used for malicious purposes.

How can wallet drainers be used for malicious purposes?

The most common way an attacker uses a wallet drainer is as the payload of a phishing attack, most likely delivered through a link or a malicious file. The idea is that the attacker must first steal the user's private key and/or mnemonic phrase. Once that happens, the wallet drainer derives the HD (hierarchical deterministic) keys from that seed and compares them against the addresses associated with the private key. From there, the wallet drainer "drains" all assets associated with the wallet.

What’s a good example of a wallet drainer?

The most common wallet drainers are often disguised as NFT drops. Such is the case with a recent fake PsyOps drop.

[Image: a Twitter scam post for a fake PsyOps drop.]

This drop in particular linked to a fake phishing site, whose address had received almost 424,000 worth of transactions.

[Image: Etherscan readout of the site's address.]

The address in this Etherscan readout has been connected to this particular drainer, which on multiple occasions has stolen tens of thousands of dollars.
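The readout above shows the pattern a defender looks for when triaging a suspected drainer address: many distinct victims each sending nearly their whole balance to one recipient in a short span of blocks. The following heuristic is an added example (not code from the article or from Rektify AI) that flags such recipients in a batch of transfers; the transfer records, addresses and thresholds are constructed placeholders, not real chain data.

```python
"""Heuristic detector for wallet-drainer "sweep" patterns in a batch of transfers.

Example code added here; not from the original article. All sample data is constructed.
Each transfer is (block, sender, recipient, value, sender_balance_before_transfer).
"""
from collections import defaultdict

# Constructed sample transfers (placeholder addresses, not real ones).
SAMPLE_TRANSFERS = [
    (100, "0xVICTIM1", "0xDRAINER", 4.95, 5.00),   # near-total balance sweep
    (100, "0xVICTIM2", "0xDRAINER", 0.98, 1.00),
    (101, "0xVICTIM3", "0xDRAINER", 12.40, 12.50),
    (101, "0xVICTIM4", "0xDRAINER", 0.20, 0.21),
    (102, "0xBUYER1", "0xMERCHANT", 0.05, 3.00),   # ordinary small payment
    (102, "0xBUYER2", "0xMERCHANT", 0.10, 2.00),
    (150, "0xVICTIM5", "0xDRAINER", 2.90, 3.00),   # a sweep, but outside the 10-block window
]


def sweep_ratio(value, balance_before):
    """Fraction of the sender's pre-transfer balance moved by this transfer."""
    if balance_before <= 0:
        return 0.0
    return value / balance_before


def find_drainer_candidates(transfers, min_victims=3, sweep_threshold=0.9, window_blocks=10):
    """Return {recipient: sorted victim senders} for recipients that collected near-total
    balance sweeps from at least `min_victims` distinct senders within `window_blocks`.
    """
    sweeps_by_recipient = defaultdict(list)
    for block, sender, recipient, value, balance_before in transfers:
        if sweep_ratio(value, balance_before) >= sweep_threshold:
            sweeps_by_recipient[recipient].append((block, sender))

    candidates = {}
    for recipient, events in sweeps_by_recipient.items():
        events.sort()
        best_window = set()
        # Slide a block window starting at each sweep; keep the largest distinct-sender set.
        for start_block, _ in events:
            senders = {s for b, s in events if start_block <= b <= start_block + window_blocks}
            if len(senders) > len(best_window):
                best_window = senders
        if len(best_window) >= min_victims:
            candidates[recipient] = sorted(best_window)
    return candidates


if __name__ == "__main__":
    for recipient, victims in find_drainer_candidates(SAMPLE_TRANSFERS).items():
        print(f"suspect drainer {recipient}: {len(victims)} victims swept -> {victims}")
```

The sweep ratio is what separates a drainer from a busy merchant: legitimate recipients receive many small payments, while a drainer receives each victim's entire balance. The block window keeps unrelated full-balance moves weeks apart (the constructed block-150 transfer) from inflating the count.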

So, how can I protect myself?

Using best practices, protecting yourself from these scams is rather trivial.

  1. Make sure you don't click random links, and verify the real authenticity of the site by double checking the source. If it looks too good to be true, chances are it is.
  2. Use a hardware wallet instead of a browser-based one. It will be a lot harder for an attacker to drain the funds with a hardware-based solution, as the hardware solution WON'T leak your private key.
  3. Make sure you check if there are any SSL certificate alerts. If there's a warning, odds are it's a phishing link.
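Step 1 ("double check the source") can be partly automated before a wallet is ever connected. The check below is an added example, not code from the article or from Rektify AI: it extracts the hostname from a link, rejects plaintext HTTP and punycode (IDN) labels, and compares the registrable domain against an allowlist, flagging one- or two-character lookalikes and trusted names embedded as a subdomain of some other domain. The allowlist entries and test URLs are constructed placeholders.

```python
"""Pre-connect link check for lookalike / phishing domains.

Example code added here; not from the original post. TRUSTED_DOMAINS holds
constructed placeholder names; a real deployment would use the sites you actually use.
"""
from urllib.parse import urlsplit

TRUSTED_DOMAINS = {"example-nft.org", "example-wallet.com"}  # constructed placeholders


def _edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_of(url):
    """Lower-cased hostname of a URL; bare domains are treated as https://."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    return (parts.hostname or "").lower().rstrip(".")


def registrable(host):
    """Naive registrable domain: last two labels (no public-suffix list, kept simple)."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return ("ok" | "reject" | "unknown", reason)."""
    if url.lower().startswith("http://"):
        return ("reject", "plaintext HTTP, no TLS")
    host = host_of(url)
    if not host:
        return ("reject", "no hostname")
    reg = registrable(host)
    if reg in trusted:
        return ("ok", reg)
    # Punycode labels can render as homoglyphs of a trusted name in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("reject", "punycode/IDN label in hostname")
    for t in sorted(trusted):
        # e.g. example-nft.org.claim-drop.net: trusted name is just a subdomain of something else.
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return ("reject", f"trusted name {t} embedded in an untrusted hostname")
        distance = _edit_distance(reg, t)
        if 0 < distance <= 2:
            return ("reject", f"lookalike of {t} (edit distance {distance})")
    return ("unknown", reg)


if __name__ == "__main__":
    for u in ["https://app.example-nft.org/mint", "https://examp1e-nft.org/mint",
              "https://example-nft.org.claim-drop.net/", "http://example-nft.org",
              "https://xn--exmple-nft-abc.org/"]:
        print(u, "->", check_link(u))
```

A result of "unknown" is not a pass: it only means the domain is neither trusted nor an obvious lookalike, and the remaining steps (checking the source and the certificate warnings) still apply.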
