How it works
Drainers run on phishing sites that impersonate a wallet, exchange, airdrop, or DeFi app. The victim connects their wallet and approves what looks like a routine action; the malicious approval grants the attacker the right to transfer their tokens and NFTs. Drainer kits are sold as a service, which lowers the bar for attackers.
How it relates to brand impersonation
Wallet drainers are brand impersonation aimed squarely at crypto: they pose as a trusted project to carry out theft that cannot be reversed. For crypto and Web3 brands, the fake site impersonating you is both a customer-protection problem and a reputation problem.
How nebty helps
nebty monitors for fake sites and lookalike domains impersonating your crypto project and takes them down on demand. Fast removal matters most when losses are irreversible. See our crypto brand protection page.
How to avoid getting drained
A drainer almost always works through a signature you approve, not a password you type, so the usual security habits do not protect you. The defence is to treat every wallet prompt as a contract you are signing. Read what a connection or transaction is actually requesting; a routine-looking approval can grant open-ended permission to move a token. Be suspicious of any site that asks you to connect to claim an airdrop, unlock a reward, or fix a problem, especially one you reached from an ad, a DM, or a search result rather than a bookmark. Use a separate wallet with minimal funds for unfamiliar apps, and revoke old token approvals periodically. For a project, the fake site wearing your name is the root of the problem, and removing it fast is the one response that helps, because once a victim signs, the funds are gone for good.
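To make "read what a transaction is actually requesting" concrete, the sketch below decodes the raw calldata behind an approval prompt and labels what it grants. It is an example added here, not nebty's code; the function name, the risk labels, the 2**255 "unlimited" threshold and the sample spender address are assumptions made for illustration, while the three function selectors are the standard ERC-20 and ERC-721/ERC-1155 ones.

```python
# Added example: decode approval-type calldata so the permission is visible.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 allowance
    "39509351": "increaseAllowance(address,uint256)",  # common ERC-20 extension
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155
}
UNLIMITED_THRESHOLD = 2**255  # heuristic chosen for this example, not a standard


def inspect_calldata(calldata: str) -> dict:
    """Return what an approval call grants, plus a coarse risk label."""
    data = calldata.lower().removeprefix("0x")
    bytes.fromhex(data)  # raises ValueError on non-hex or odd-length input
    selector, body = data[:8], data[8:]
    signature = SELECTORS.get(selector)
    if signature is None:
        return {"call": "other", "risk": "not-an-approval"}
    if len(body) != 128:
        raise ValueError("expected exactly two 32-byte arguments")
    grantee = "0x" + body[24:64]   # address is the low 20 bytes of word 0
    value = int(body[64:], 16)     # word 1: amount, or the bool for NFTs
    if value == 0 and selector != "39509351":
        risk = "revoke"            # approve(x, 0) / setApprovalForAll(x, false)
    elif selector == "a22cb465":
        risk = "high"              # operator may move every NFT in the collection
    elif value >= UNLIMITED_THRESHOLD:
        risk = "high"              # open-ended token allowance
    else:
        risk = "bounded"
    return {"call": signature, "grantee": grantee, "value": value, "risk": risk}


# Constructed sample input: the spender address is made up for this example.
SPENDER = "11" * 20
SAMPLES = {
    "unlimited approve": "0x095ea7b3" + SPENDER.rjust(64, "0") + "f" * 64,
    "approve 1000 units": "0x095ea7b3" + SPENDER.rjust(64, "0") + f"{1000:064x}",
    "NFT approve-all": "0xa22cb465" + SPENDER.rjust(64, "0") + f"{1:064x}",
    "revoke allowance": "0x095ea7b3" + SPENDER.rjust(64, "0") + "0" * 64,
}

if __name__ == "__main__":
    for label, calldata in SAMPLES.items():
        print(label, "->", inspect_calldata(calldata))
```

A "high" result only says the grant is open-ended; whether the grantee is a contract you meant to authorise still has to be checked against the project's published addresses.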
See who is impersonating your brand
The free nebty report scans the web for lookalike domains and fake profiles targeting your brand, with no obligation.