A wallet drainer is malicious code that empties a crypto wallet the moment a victim approves a single transaction or signature. It's the engine behind most phishing losses today, often sold as a ready-made kit (“drainer-as-a-service”).

How a drainer works

The victim lands on a fake mint, airdrop, or “claim” page. A pop-up asks them to connect their wallet and approve a transaction. That transaction isn't what it appears to be — it grants the attacker permission to move tokens, or signs a message that authorizes a transfer.

Approval attacks vs signature attacks

  • Token approvals: an approve call gives a contract permission to spend your tokens. A malicious unlimited approval lets the attacker drain that token later.
  • Signature attacks: off-chain signatures (e.g., Permit, Permit2) can authorize transfers without an on-chain transaction — dangerous because they look harmless.

Why they're so effective

Drainers exploit the gap between what a transaction says and what it does. Without a preview, users approve blindly. Drainer kits also rotate domains and obfuscate code to evade blocklists.
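To make that gap concrete, here is an added example (not code from the original page or from any wallet) that decodes the two request kinds described above, an on-chain approval and an off-chain Permit/Permit2 signature, into a plain statement of what they authorize. The function names, risk labels and sample requests are assumptions made for this sketch; the selectors and EIP-712 type names are the standard ones.

```javascript
// Added example (not from the original page): label what a wallet request authorizes.
const MAX_UINT256 = (1n << 256n) - 1n;
const SELECTORS = { "095ea7b3": "approve",             // ERC-20 approve(address,uint256)
                    "a22cb465": "setApprovalForAll" }; // NFT setApprovalForAll(address,bool)
// EIP-712 primaryType values used by EIP-2612 permits and Permit2
const PERMIT_TYPES = new Set(["Permit", "PermitSingle", "PermitBatch",
                              "PermitTransferFrom", "PermitBatchTransferFrom"]);

function decodeCalldata(data) {
  const hex = String(data || "").replace(/^0x/i, "").toLowerCase();
  const name = SELECTORS[hex.slice(0, 8)];
  // 4-byte selector + two 32-byte ABI words = at least 136 hex characters
  if (!name || !/^[0-9a-f]{136,}$/.test(hex)) return null;
  return { name,
           spender: "0x" + hex.slice(32, 72),          // address is right-aligned in word 1
           value: BigInt("0x" + hex.slice(72, 136)) }; // amount, or bool for setApprovalForAll
}

function describeWalletRequest(req) {
  if (req.method === "eth_sendTransaction") {
    const call = decodeCalldata(req.params?.[0]?.data);
    if (!call) return { risk: "unknown", summary: "unrecognized calldata; simulate first" };
    if (call.value === 0n) return { risk: "low", summary: `revokes ${call.spender}` };
    const scope = call.name === "setApprovalForAll" ? "every NFT in this collection"
      : call.value === MAX_UINT256 ? "an unlimited amount of this token"
      : `up to ${call.value} base units of this token`;
    const risk = scope.startsWith("up to") ? "medium" : "high";
    return { risk, summary: `lets ${call.spender} move ${scope}` };
  }
  if (req.method === "eth_signTypedData_v4") {
    const raw = req.params?.[1];                       // params: [account, typedData]
    const typed = typeof raw === "string" ? JSON.parse(raw) : raw || {};
    if (PERMIT_TYPES.has(typed.primaryType)) {
      const spender = (typed.message || {}).spender || "(unnamed spender)";
      return { risk: "high",
               summary: `off-chain ${typed.primaryType}: lets ${spender} move tokens` };
    }
  }
  return { risk: "unknown", summary: "not decoded; do not sign blind" };
}

// Constructed sample requests (addresses and amounts are made up for the demo).
const SPENDER = "0x" + "ab".repeat(20);
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const unlimitedApprove = { method: "eth_sendTransaction", params: [{
  data: "0x095ea7b3" + word(SPENDER) + "f".repeat(64) }] };
const permitSignature = { method: "eth_signTypedData_v4", params: ["0x" + "11".repeat(20),
  JSON.stringify({ primaryType: "Permit", message: { spender: SPENDER, value: "1000" } })] };
console.log(describeWalletRequest(unlimitedApprove));
console.log(describeWalletRequest(permitSignature));
```

Anything the decoder does not recognize comes back as "unknown" rather than "safe", which is the point: an undecoded request is exactly the blind approval this section describes.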

How to stop a drainer

  • Use a wallet that simulates transactions — MetaMask and Rabby show balance changes before you sign.
  • Never sign what you don't understand. If a “claim” wants a signature, stop.
  • Audit and revoke approvals regularly with revoke.cash.
  • Start from a real wallet — a fake one is a drainer by default. Download safely and verify it.

Frequently asked questions

What is a wallet drainer?

Malicious code that empties a crypto wallet when the victim approves a single transaction or signature, usually on a fake mint, airdrop, or claim page.

How do drainers steal funds without my seed phrase?

They trick you into approving a token spend or signing an off-chain message that authorizes transfers — no seed phrase needed.

How do I protect myself from drainers?

Use a wallet that simulates transactions, never sign what you do not understand, revoke unnecessary approvals, and only use a wallet you downloaded from the official source.