File folder on MEGA
How Crypto Drainers Work and How to Protect Your Assets
In the world of cryptocurrency, one of the quietest yet widespread threats is crypto drainers. These tools automatically siphon tokens and NFTs from users’ wallets. Today, we’ll break down how they work, how they disguise themselves, and how to stay safe.
What Are Drainers?
Crypto drainers are malicious scripts or smart contracts that gain access to users’ wallets and transfer assets to the attacker’s address.
Key point: they rarely “hack” the blockchain directly. Instead, they rely on legitimate token functions, tricking the user into granting access themselves.
How Drainers Disguise Themselves
- Fake websites and dApps
Clone legitimate DeFi services or NFT marketplaces. Users think they are connecting to a safe platform. - Fake airdrops and NFT drops
A “gifted” token or NFT is sent to the victim. Interacting with it signs a permission transaction for the drainer. - Disguised giveaways and bonuses
Messages like “claim your tokens” or “confirm participation” are actually requests for access to your assets. - Updates or patches via Telegram/Discord
Files or links may lead to drainers disguised as software updates. - Brand impersonation and domain typos
For example, opensea.app instead of opensea.io — a single character difference can put your wallet at risk.
How They Work: approve and transferFrom
Drainers typically use standard token methods.
1. approve — granting permission
function approve(address spender, uint256 amount) public returns (bool)
- spender — the drainer contract’s address
- amount — how many tokens it can spend
2. transferFrom — transferring tokens
function transferFrom(address from, address to, uint256 amount) public returns (bool)
- from — your wallet
- to — attacker’s wallet
- amount — how much to transfer
Once approve is signed, the drainer can withdraw tokens at any time.
3. NFTs and setApprovalForAll
For ERC-721/1155 tokens, setApprovalForAll gives a contract permission to transfer all NFTs in a collection. After that, transferFrom allows the attacker to take all tokens.
Why This Works
- The user themselves signs the transaction, making it legitimate on-chain.
- Few people check the fine details of approvals in wallets like MetaMask or TrustWallet.
- Drainer contracts are coded to appear benign to avoid suspicion.
How to Protect Yourself
- Use hardware wallets (Ledger, Trezor).
- Always check transactions: which contract and how many tokens you approve.
- For NFTs, be cautious with setApprovalForAll; restrict access to specific tokens.
- Monitor approvals via services like Etherscan Token Approvals.
- Never connect your wallet to suspicious links, airdrops, or giveaways.
Last edited:
