
Wallet Drainers Explained: How Drainer Kits Work, the Inferno / Angel / Pink / Monkey Lineage, and a 2026 Defense Stack

BloFin Academy, 06/16/2026

A wallet drainer is the turnkey toolkit that turns a wallet-connect handshake into an immediate sweep of the victim's tokens, and it has been the highest individual-wallet loss class across 2023-2026 because a single Permit2 signature on a malicious front end can authorise an unbounded allowance the drainer sweeps later.

This article walks the drainer kit anatomy end-to-end, the named-kit lineage from Monkey through Inferno and Angel, the signature and approval patterns that make the sweep possible, the deployment vectors that put the malicious page in front of the victim, the drainer-as-a-service economic model underwriting the kit-versus-operator split, and the layered defense stack for 2026.


What is a wallet drainer, and how is it different from a phishing site?

A wallet drainer is a software kit (front-end JavaScript plus a back-end spender contract on chain) that converts a victim's signed approval or transaction into an immediate transfer of tokens to an attacker-controlled address. A generic crypto phishing site asks for credentials; a drainer asks for a signature, and the signature itself is the theft mechanism.

The distinction matters because the user-side warning signs differ. A credential-phishing page asks for a seed phrase, a private key, or an exchange password, and the literature around phishing attacks has trained most retail users to refuse those prompts on sight. A drainer flow does not ask for the seed; it asks the user to connect a wallet to what looks like a legitimate dApp, then to confirm what looks like a routine transaction or signature, and the device or software wallet then authorises the asset transfer the drainer scripted in. The user experience is closer to a normal DeFi interaction than to a classic phishing pop-up, which is why drainer flows succeed against users who would never type a seed phrase into a form. Drainers also do not own the address-substitution attack pattern; that surface belongs to address poisoning and clipboard hijacking, which target the destination field of an outbound transaction rather than the signature event itself.

The single sentence that captures the gap: a phishing site steals what you type, and a drainer steals what you sign. That asymmetry is the entire reason the drainer family has dominated individual-wallet losses across 2023-2026 according to dashboards maintained by researchers at Scam Sniffer and security vendors including Blockaid (source: Scam Sniffer drainer dashboard).


How does a typical drainer attack flow work, step by step?

A typical drainer attack runs in five steps: the victim lands on a malicious or hijacked page, the page initiates a wallet-connect handshake, the page asks the connected wallet to sign a typed-data message or approve a token, the victim confirms on their wallet, and the drainer's back-end spender contract sweeps the authorised assets to an attacker-controlled consolidation wallet.

The walk-through Blockaid published as a reference reverse-engineered a live drainer kit and traced the front-end JavaScript that requests the signature back to the spender contract that pulls the funds (source: Blockaid analysis of a wallet drainer end-to-end). The page-landing step usually arrives via a hijacked official front end, an impersonated airdrop site, a Google Ads brand-impersonation landing, or a compromised X or Discord post; the wallet-connect step uses WalletConnect v2 or the in-page provider that MetaMask injects; the signature step asks for either a Permit2 typed-data authorisation, an ERC-20 approve for a high-value token, or a direct transferFrom call that masquerades as a routine interaction. The asset-transfer step then runs against the spender contract the drainer deployed, which is usually a generic spender that any operator running the kit can point at the victim address. The Check Point Research write-up on crypto drainers reverse-engineered several public kits and confirmed the front-end / spender-contract / consolidation-wallet pattern across multiple operators (source: Check Point Research on the rising threat of phishing attacks with crypto drainers).

The defensive read on the flow is that every drainer kit terminates at the same signature event, and every drainer kit fails if the victim refuses the signature. The page-landing step depends on the victim arriving at a malicious URL; the wallet-connect step depends on the victim initiating the connection; the signature step depends on the victim pressing confirm. Each step has its own defense layer, and the layered stack at §7 lines those defenses up against the corresponding stage of the attack.


What named drainer kits dominate the 2023-2026 landscape?

The 2023-2026 drainer lineage runs through Monkey Drainer (shut down March 1, 2023 after ZachXBT's investigation), MS Drainer (active 2023 to early 2024 per Scam Sniffer), Inferno Drainer (~$80 million November 2022 to November 2023 per Group-IB's January 2024 takedown), Pink Drainer (announced 2024 wind-down), and Angel Drainer (the payload behind the Ledger Connect Kit cascade of December 14, 2023).

Monkey Drainer was one of the earliest scaled drainer operations and announced its shutdown via Telegram on March 1, 2023 after sustained pressure from on-chain investigator ZachXBT's October 25, 2022 thread (source: CoinDesk coverage of Monkey Drainer's shutdown). MS Drainer operated through 2023 into early 2024 as one of the more aggressive successor operators tracked alongside the broader family on Scam Sniffer's dashboard. Inferno Drainer ran an affiliate-network model where customers paid the operators a share of stolen funds in exchange for the front-end kit and the spender contracts that received Permit2 signatures from victims; per Group-IB's January 2024 takedown report, cumulative theft attributed to Inferno was approximately $80 million across November 2022 to November 2023, with 16,000+ phishing domains and 100+ impersonated brands recorded across the operation (source: Group-IB investigation of Inferno Drainer). Pink Drainer operated alongside Inferno across 2023-2024 with cumulative figures tracked on Scam Sniffer's dashboard before its 2024 announced wind-down; like Monkey before it, the Pink wind-down did not end drainer activity but redirected it into successor kits the same operators picked up. Angel Drainer became the most widely named kit of December 2023 when its payload landed on the Ledger Connect Kit JavaScript library on December 14, 2023, propagating across every DeFi user interface that pulled the affected library at run time; the supply-chain attacks deep-dive carries the full Connect Kit incident chain.

A naming caveat worth flagging at this point in the article. The kit Inferno was self-branded by its operators; the names Monkey, MS, Pink, and others were applied by researchers at Scam Sniffer, Group-IB, and the ZachXBT investigation thread rather than chosen by the operators themselves. Treat the kit names as research-community shorthand for distinct operator clusters, not as marketing branding the operators paid for.

The table below maps the five named drainer kits across the dimensions that matter for users tracking the threat landscape: when each was active, cumulative attribution where verified, the takedown or wind-down status, and the kit-versus-operator economic split where disclosed.

| Kit | Active period | Cumulative theft (attributed) | Status (2026) | Kit-dev share | Primary source |
| --- | --- | --- | --- | --- | --- |
| Monkey Drainer | ~2022 → Mar 1, 2023 | Not publicly tallied | Shutdown announced via Telegram Mar 1, 2023 | Not disclosed | ZachXBT Oct 25, 2022 investigation; CoinDesk Mar 2, 2023 |
| MS Drainer | 2023 → early 2024 | Tracked on Scam Sniffer dashboard | Quiet 2024+ | Not disclosed | Scam Sniffer ongoing tracking |
| Inferno Drainer | Nov 2022 → Nov 2023 | ~$80M | Takedown announced Nov 2023; report Jan 2024 | ~20% (operator 80%) | Group-IB Jan 2024 takedown report |
| Pink Drainer | 2023 → 2024 wind-down | Tracked on Scam Sniffer dashboard | Announced wind-down 2024 | Not disclosed | Scam Sniffer dashboard |
| Angel Drainer | 2023 → present (most prominently Dec 14, 2023 Ledger Connect Kit cascade) | ~$600K (Connect Kit incident) + ongoing | Active | 15% (operator 85%) | Ledger Security Incident Report Dec 14, 2023 |

The pattern across the table is that takedowns of named kits do not end drainer activity. The Monkey shutdown in March 2023 was followed by MS Drainer in 2023, the Inferno takedown in November 2023 was followed by Pink and Angel through 2024, and the Pink wind-down in 2024 was followed by successor kits the same operator clusters continued running. The defensive read is structural: drainer defense relies on the user-side approval audit and signing-hygiene posture in §7, not on any single law-enforcement action against a single named kit.


What signature and approval patterns do drainers exploit?

Drainers exploit four signature and approval patterns that retail users routinely confirm without reading: an unbounded ERC-20 approve against an attacker-controlled spender, a Permit (EIP-2612) off-chain signature that authorises a later transferFrom, a Permit2 typed-data signature that does the same against the canonical Uniswap Permit2 contract, and a direct transferFrom or low-level call disguised as a routine interaction.

The mechanism deep-dive belongs to the smart contract wallet risks explainer, with the approval-mechanics walk-through covered separately in the sibling approval-hygiene article. The drainer-side reading is that each of these four patterns terminates at a signature event the user has already learned to confirm in legitimate DeFi flows; an unbounded approve looks like an ordinary token-allowance setup, a Permit signature looks like a gasless off-chain authorisation, a Permit2 typed-data message looks like the routine DEX-aggregator handshake users sign multiple times per session, and a direct transferFrom looks like a swap. The drainer's job is not to invent a new attack primitive; it is to attach a legitimate-looking front end to a request the user is conditioned to approve. The crypto wallet glossary carries the term-level definitions for readers who want a refresher on Permit2, EIP-712, or transferFrom before reading the rest of this section.

Two structural observations matter for the user-side reading. First, the same signature surfaces that power legitimate DeFi (Permit2 in particular) are the surfaces drainers depend on; the defense cannot be "never sign Permit2" because that would break most DEX aggregators. Second, the surface area is wide enough that no single device-level or wallet-level toggle closes the entire class; the defenses at §7 are layered precisely because no single layer is sufficient.
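All four patterns reach the wallet as one of two JSON-RPC requests (eth_sendTransaction for a raw approve or transferFrom, eth_signTypedData_v4 for Permit and Permit2), so a defender can triage them in one place before the confirm button is pressed. The following is an added example, not code from the article or from any wallet or simulation vendor it names: a pre-signing triage function that decodes approve(address,uint256) calldata, an EIP-2612 Permit, or a Permit2 PermitSingle/PermitBatch message and flags an unbounded allowance, an expiry beyond a 30-day ceiling, a spender outside a user-maintained trusted list, or a Permit2-shaped message whose verifying contract is not the canonical Permit2. It goes slightly beyond the text by covering the batch form as well as the single form. The 30-day ceiling, the trusted-spender list and every address except the canonical Permit2 address are assumptions constructed for the example.

```javascript
// Added example: a pre-signing triage pass, not code from the article or from any
// wallet or simulation vendor it names. It inspects the JSON-RPC request a dApp hands
// the wallet and returns the findings a wallet could surface before the user confirms.
// Everything marked "assumption" or "constructed" is a placeholder for this example.

const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_UINT160 = (1n << 160n) - 1n;                        // Permit2 amounts are uint160
const APPROVE_SELECTOR = "0x095ea7b3";                         // approve(address,uint256)
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3";  // canonical Permit2 contract
const MAX_WINDOW = 30n * 24n * 3600n;                          // assumption: 30-day expiry ceiling

// Assumption: spenders (routers, aggregators) the user verified once, lowercase.
const TRUSTED_SPENDERS = new Set([
  "0x1111111111111111111111111111111111111111",               // constructed "known router"
]);

// Anything within 1% of the type maximum is treated as an unbounded allowance.
function isUnbounded(amount, bits) {
  const max = bits === 160 ? MAX_UINT160 : MAX_UINT256;
  return amount >= max - max / 100n;
}

function checkSpender(spender, findings, label) {
  if (!TRUSTED_SPENDERS.has(String(spender).toLowerCase())) {
    findings.push(`${label}: spender ${spender} is not on the trusted list`);
  }
}

// EIP-712 payloads: Permit2 PermitSingle / PermitBatch and EIP-2612 Permit.
function triageTypedData(typedData, now) {
  const findings = [];
  const { primaryType, domain = {}, message } = typedData;
  if (primaryType === "PermitSingle" || primaryType === "PermitBatch") {
    if (String(domain.verifyingContract).toLowerCase() !== PERMIT2) {
      findings.push("Permit2: verifyingContract is not the canonical Permit2 contract");
    }
    const details = primaryType === "PermitSingle" ? [message.details] : message.details;
    for (const d of details) {
      if (isUnbounded(BigInt(d.amount), 160)) {
        findings.push(`Permit2: unbounded allowance on token ${d.token}`);
      }
      if (BigInt(d.expiration) - now > MAX_WINDOW) {
        findings.push(`Permit2: expiration on token ${d.token} is more than 30 days out`);
      }
    }
    checkSpender(message.spender, findings, "Permit2");
  } else if (primaryType === "Permit") {
    if (isUnbounded(BigInt(message.value), 256)) findings.push("EIP-2612: unbounded value");
    if (BigInt(message.deadline) - now > MAX_WINDOW) findings.push("EIP-2612: deadline is more than 30 days out");
    checkSpender(message.spender, findings, "EIP-2612");
  }
  return findings;
}

// Raw transactions: decode approve(address,uint256) calldata by hand.
function triageTransaction(tx) {
  const findings = [];
  const data = String(tx.data || "0x").toLowerCase();
  if (data.startsWith(APPROVE_SELECTOR) && data.length >= 10 + 128) {
    const spender = "0x" + data.slice(10 + 24, 10 + 64);            // low 20 bytes of word 1
    const amount = BigInt("0x" + data.slice(10 + 64, 10 + 128));    // word 2
    if (isUnbounded(amount, 256)) findings.push(`approve: unbounded allowance on token ${tx.to}`);
    checkSpender(spender, findings, "approve");
  }
  return findings;
}

// Entry point: the request exactly as the wallet receives it; `now` is unix seconds.
function triageRequest(request, now = BigInt(Math.floor(Date.now() / 1000))) {
  if (request.method === "eth_signTypedData_v4") {
    return triageTypedData(JSON.parse(request.params[1]), now);
  }
  if (request.method === "eth_sendTransaction") {
    return triageTransaction(request.params[0]);
  }
  return [];
}

// Constructed sample: a PermitSingle granting an unbounded, year-long allowance to an
// unknown spender, the shape the section describes. `types` is omitted because the
// triage does not need it.
const NOW = 1700000000n;
const SUSPICIOUS_PERMIT2 = {
  method: "eth_signTypedData_v4",
  params: ["0x4444444444444444444444444444444444444444", JSON.stringify({
    primaryType: "PermitSingle",
    domain: { name: "Permit2", chainId: 1, verifyingContract: PERMIT2 },
    message: {
      details: {
        token: "0x2222222222222222222222222222222222222222",
        amount: MAX_UINT160.toString(),
        expiration: (NOW + 365n * 24n * 3600n).toString(),
        nonce: "0",
      },
      spender: "0x3333333333333333333333333333333333333333",
      sigDeadline: (NOW + 1800n).toString(),
    },
  })],
};

console.log(triageRequest(SUSPICIOUS_PERMIT2, NOW));
```

Run with node; the constructed request yields three findings (unbounded amount, year-long expiration, untrusted spender). In a real wallet the trusted-spender set would be built from the user's own verified bookmarks and the findings would feed the simulation preview rather than the console; the point is that one decoder covers every approval surface the section lists.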


How are drainers distributed through X, Discord, Google Ads, and SEO?

Drainers reach victims through four primary distribution vectors: compromised X (formerly Twitter) and Discord posts, paid Google Ads against high-value brand keywords, SEO-poisoned search results, and compromised official front ends. Each vector lands the victim on a malicious or hijacked URL that initiates the wallet-connect handshake covered at §2.

The X and Discord channel is the highest-volume social vector. Operators acquire access to verified or high-follower accounts through credential phishing or session-cookie theft, then post an airdrop announcement, a fake mint page, or a "claim your reward" prompt that links to a drainer kit. The Discord variant typically uses a compromised webhook or a hijacked moderator account to post in the project's official server, which carries inherited trust the standalone phishing page would not. The Google Ads vector works against high-value brand keywords like Uniswap, Lido, or specific token names; the paid ad outranks the legitimate organic result for the user's intent query, the user clicks the first result without inspecting the URL, and the landing page presents a near-perfect clone of the legitimate dApp. Google has run ongoing policy enforcement against crypto-impersonation ads since 2023, but the operators rotate ad accounts and creative quickly enough that enforcement runs behind the threat. SEO-poisoned search results are a slower-burn variant: operators stand up cloned dApp sites on lookalike domains, optimise them for long-tail queries, and capture users who land on the clone through organic search. The DNS attack surface explainer covers the related class where the legitimate domain itself is hijacked at the DNS layer.

Compromised official front ends are the rarest but highest-impact vector. The Cyberhaven Chrome extension cascade of December 24, 2024 (covered in detail at the supply-chain reference) showed how a single compromised vendor can fan out a malicious payload to hundreds of thousands of users through a legitimate auto-update mechanism. The same shape applies to wallet extensions, dApp front ends, and shared JavaScript libraries. The cross-channel multiplier on drainer pipelines is infostealer malware delivered through the same campaigns; the malware lifts session cookies, browser-stored credentials, and wallet metadata while the drainer hits the signing surface, and the malware and crypto threats coverage handles the malware-family taxonomy. Front-end navigation upstream of any of these channels also depends on browser security holding at the extension and overlay layer.


What does the drainer-as-a-service economic model look like?

The drainer-as-a-service (DaaS) model splits revenue between the kit developer and the operator who runs the campaign, with the kit developer typically taking a 15-25 percent share and the operator keeping the balance. The model lets non-technical operators run drainer campaigns without writing the kit themselves, which is why drainer activity scaled so quickly across 2023-2024.

Angel Drainer's revenue share anchors the floor of the published range: per Ledger's own Security Incident Report on the Connect Kit compromise of December 14, 2023, the funds stolen during the incident were split 85 percent to the exploiter (the operator running the malicious Connect Kit campaign) and 15 percent to the Angel Drainer service (source: Ledger Security Incident Report). Inferno Drainer's affiliate-network model sat slightly higher on the kit-developer side at 20 percent per Group-IB's reporting on the operation. Broader DaaS coverage from SentinelOne places most kits between roughly 5 and 25 percent on the kit-developer side depending on the services provided (source: SentinelOne on the rise of drainer-as-a-service). The Ledger Academy glossary entry on drainer-as-a-service summarises the model at a definitional level for readers who want the short version (source: Ledger Academy on drainer-as-a-service).

The defensive read on the DaaS economic model is that the operator pool is larger than the kit-developer pool, which means a single law-enforcement action against a kit developer (the Inferno Drainer takedown reported by Group-IB in January 2024, for instance) does not end drainer activity; it redirects operators to the next available kit. Scam Sniffer's 2024 dashboard tracking shows the post-Inferno operator pool migrated quickly to successor kits and continued running comparable campaigns through 2024 and into 2025 (source: Scam Sniffer 2024 dashboard year view). The structural lesson for retail users is that defenses cannot rely on takedowns; the defense layers at §7 work regardless of which kit any given campaign is running.


How do you defend yourself against a drainer in 2026?

A layered 2026 defense stack against drainers has five layers: bookmark-only navigation to every DeFi front end, finite Permit2 expiry-window approvals instead of unbounded standing allowances, transaction-simulation tools running pre-signing on every request, hardware-wallet clear-signing for the final approval, and quarterly approval audits that confirm what has actually been authorised across all chains the wallet has touched.

Bookmark-only navigation closes the page-landing step at §2 by removing the search-result and ad-click attack surface; reach every DeFi front end through a bookmark you confirmed once against the legitimate URL, and refuse to wallet-connect on any page reached through a search result or paid ad. Permit2 expiry-window approvals replace the unbounded standing allowance with a finite-window authorisation that the contract enforces; the deep-dive on approve revocation, the Etherscan + Revoke.cash + MetaMask workflow, and the Permit2 expiry-window mode lives in revoke token approvals, which is the upstream sibling for the approval-hygiene layer. Transaction-simulation tools (Blockaid, Wallet Guard, Pocket Universe, Tenderly) preview the on-chain effect of a signature before the user confirms, flagging known drainer signatures and unexpected approvals; the simulation-as-pre-signing-preview framing sits inside the hardware wallet with DeFi sibling alongside the device-screen clear-signing layer. Hardware-wallet clear-signing surfaces the structured fields of the typed-data message on the device screen so the user can read what they are about to authorise; the EIP-712 clear-signing posture and the Ledger / Trezor pairing flow live in the same sibling article. The quarterly approval audit closes the residual exposure by surfacing standing approvals the user can revoke; running the audit on a calendar reminder catches drift before a drainer hits.
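The quarterly approval audit is the one layer that can be reduced to a script: standing ERC-20 allowances are fully determined by the Approval(owner, spender, value) event history, because approve() overwrites rather than adds. The following is an added example, not code from the article or from Etherscan, Revoke.cash or any other tool it names: it folds Approval logs in the eth_getLogs shape into the current allowance per (token, spender) for one owner and reports the allowances still open, unbounded ones first, as the revoke candidates. The owner, token and spender addresses and the log entries are constructed for the example; only the Approval event topic hash is the real one.

```javascript
// Added example: a minimal "quarterly approval audit", not code from the article or
// from any tool it names. It folds ERC-20 Approval(owner, spender, value) logs in the
// eth_getLogs shape into the current standing allowance per (token, spender) and
// reports the ones still open. All addresses and log entries below are constructed.

const APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"; // keccak256("Approval(address,address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Indexed address topics are left-padded to 32 bytes; the address is the low 20 bytes.
function topicToAddress(topic) {
  return "0x" + topic.slice(26).toLowerCase();
}

// Replay Approval logs in chain order; the last value per (token, spender) is the
// standing allowance, because approve() overwrites instead of accumulating.
function foldAllowances(logs, owner) {
  const current = new Map();
  const ordered = [...logs].sort((a, b) =>
    (Number(a.blockNumber) - Number(b.blockNumber)) || (Number(a.logIndex) - Number(b.logIndex)));
  for (const log of ordered) {
    if (log.topics[0] !== APPROVAL_TOPIC) continue;                        // not an Approval
    if (topicToAddress(log.topics[1]) !== owner.toLowerCase()) continue;   // another owner
    const key = `${log.address.toLowerCase()}|${topicToAddress(log.topics[2])}`;
    current.set(key, { value: BigInt(log.data), sinceBlock: Number(log.blockNumber) });
  }
  return current;
}

// Open allowances, unbounded ones first: this is the revoke list for the audit.
function auditReport(logs, owner) {
  const open = [];
  for (const [key, { value, sinceBlock }] of foldAllowances(logs, owner)) {
    if (value === 0n) continue;                                            // already revoked
    const [token, spender] = key.split("|");
    const unbounded = value >= MAX_UINT256 - MAX_UINT256 / 100n;
    open.push({ token, spender, value, unbounded, sinceBlock });
  }
  return open.sort((a, b) => Number(b.unbounded) - Number(a.unbounded));
}

// ---- constructed sample data (placeholder addresses, not real contracts) ----
const OWNER     = "0x4444444444444444444444444444444444444444";
const TOKEN_A   = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const TOKEN_B   = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
const TOKEN_C   = "0xcccccccccccccccccccccccccccccccccccccccc";
const ROUTER    = "0x1111111111111111111111111111111111111111";
const SPENDER_X = "0x5555555555555555555555555555555555555555";
const SPENDER_Y = "0x6666666666666666666666666666666666666666";

// Build a log entry in the shape eth_getLogs returns (hex-encoded fields).
function approvalLog(token, owner, spender, valueHex, blockNumber, logIndex) {
  const pad = (addr) => "0x" + addr.slice(2).toLowerCase().padStart(64, "0");
  return {
    address: token,
    topics: [APPROVAL_TOPIC, pad(owner), pad(spender)],
    data: "0x" + valueHex.padStart(64, "0"),
    blockNumber: "0x" + blockNumber.toString(16),
    logIndex: "0x" + logIndex.toString(16),
  };
}

const SAMPLE_LOGS = [
  approvalLog(TOKEN_A, OWNER, ROUTER, "f".repeat(64), 100, 0),     // unbounded to router
  approvalLog(TOKEN_B, OWNER, SPENDER_X, "3e8", 120, 3),           // 1000 base units
  approvalLog(TOKEN_C, OWNER, SPENDER_Y, "f".repeat(64), 150, 1),  // unbounded, still open
  approvalLog(TOKEN_A, OWNER, ROUTER, "0", 200, 2),                // router allowance revoked
  approvalLog(TOKEN_C, "0x7777777777777777777777777777777777777777", SPENDER_Y, "f".repeat(64), 210, 0), // other owner
];

console.log(auditReport(SAMPLE_LOGS, OWNER));
```

Against the constructed logs the report lists two open allowances: the unbounded one on TOKEN_C first, then the bounded 1000-unit one on TOKEN_B; the revoked router allowance and the other owner's allowance are dropped. On a live chain the input is the result of an eth_getLogs query filtered on the Approval topic and the owner address in topics[1], run once per chain the wallet has touched.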

From Blofin's operational perspective, the post-drainer cleanup pattern eventually surfaces at the centralized-exchange off-ramp regardless of whether the user was drained on a Uniswap-clone phishing page, an X-post airdrop scam, or a Google-Ads-impersonation landing. The control framework Blofin treats as baseline for any platform observing user funds moving across drainer-impacted hot-wallet flows has three parts: drainer-signature heuristics on hot-wallet activity, withdrawal-destination heuristics on consolidation patterns from known drainer-victim sweep wallets, and peer-platform incident-feed corroboration when a hot wallet has been drained in one platform's view. Refresh the layered defense stack annually, after any disclosed kit-family expansion comparable to Angel Drainer's Connect Kit cascade of December 2023, and after any disclosed takedown comparable to Group-IB's Inferno Drainer report of January 2024 that shifts the operator pool to a new kit.


Frequently asked questions

What is the difference between a wallet drainer and a generic crypto phishing site?

A generic crypto phishing site asks for credentials (a seed phrase, a private key, an exchange password), while a wallet drainer asks for a signature on a transaction or typed-data message that authorises the transfer of tokens directly. The user-experience difference matters because most retail users have been trained to refuse seed-phrase prompts but will routinely confirm DeFi signatures, which is why drainer flows succeed against users who would never type a seed into a form.

What happened with the Inferno Drainer and how much did it steal?

Inferno Drainer ran an affiliate-network drainer-as-a-service operation where customers paid the operators a share of stolen funds in exchange for the front-end kit and the spender contracts that received Permit2 signatures from victims. Per Group-IB's January 2024 takedown report, cumulative theft attributed to Inferno Drainer was approximately $80 million across November 2022 to November 2023, with 16,000+ phishing domains and 100+ impersonated brands recorded across the operation.

How did the Angel Drainer get into the Ledger Connect Kit in December 2023?

On December 14, 2023, attackers compromised a former Ledger employee's npmjs.com account through a phishing attack and pushed malicious versions of the @ledgerhq/connect-kit JavaScript library, which propagated the Angel Drainer payload to every DeFi user interface that pulled the affected library at run time. Per Ledger's Security Incident Report, the active drain window stayed under two hours, and the funds were split 85 percent to the exploiter and 15 percent to the Angel Drainer service per the drainer-as-a-service revenue model.

Is a hardware wallet enough to protect me from a drainer?

A hardware wallet helps but is not sufficient on its own. The device keeps the private key offline, but a drainer can still succeed if the user confirms a signature they cannot read; clear-signing for EIP-712 typed data turns the request into a readable confirmation, while blind-signing leaves the user authorising a hash they cannot decode. The layered defense stack at §7 pairs hardware-wallet clear-signing with transaction simulation, bookmark-only navigation, finite Permit2 expiry windows, and a quarterly approval audit.

What should I do if I think I just signed a drainer payload?

Move quickly. Transfer remaining assets out of the affected wallet to a known-clean wallet on a clean device, revoke every outstanding approval through Etherscan's Token Approval Checker or Revoke.cash, signing from the clean device, and inventory which tokens were authorised and which were swept. If a hardware wallet was paired, the seed itself is safe and you can recover onto a clean device. Document the drainer-spender contract address for incident reporting and to share with peer-platform incident feeds.



Researched and written by the Blofin Academy editorial team with AI-assisted drafting. Primary sources include Group-IB's investigation of Inferno Drainer, Scam Sniffer's drainer dashboard, the Ledger Security Incident Report on the December 2023 Connect Kit compromise, Ledger Academy's drainer-as-a-service glossary entry, Blockaid's reverse-engineering walk-through of a live drainer kit, SentinelOne's analysis of the drainer-as-a-service revenue model, Check Point Research on the rising threat of phishing attacks with crypto drainers, and CoinDesk coverage of the Monkey Drainer March 2023 shutdown. All facts independently verified against cited documentation current as of May 2026.


This article is for informational purposes only and does not constitute financial advice, investment guidance, or a recommendation to buy, sell, or hold any digital asset. Cryptocurrency markets involve significant risk and you should conduct your own research and consult qualified professionals before making investment decisions. Blofin Academy content reflects the state of public information at time of publication; protocol parameters, fees, and ecosystem data change frequently.