Crypto Drainer
Malicious smart-contract code or a deceptive wallet-connection prompt that sweeps all tokens from a victim's cryptocurrency wallet in a single transaction.
Also known as: wallet drainer, Web3 drainer, token drainer, NFT drainer
Last reviewed: 1 June 2026
A crypto drainer is a type of attack in which a victim is tricked into connecting their Web3 wallet to a malicious site or signing a transaction that grants the attacker permission to transfer all assets. Unlike wallet-drainer malware that operates via compromised devices, many drainers work purely through deceptive on-chain approvals that are entirely legitimate from the blockchain's perspective — the victim signed the permission themselves.
Common delivery vectors include fake NFT minting sites, spoofed DeFi protocol interfaces promoted through paid ads, hacked social-media accounts of legitimate projects, and phishing links distributed in Discord or Telegram groups. The attack typically takes milliseconds once the signature is obtained.
The distinction between 'crypto drainer' and 'wallet drainer' is subtle: 'wallet drainer' usually refers to the specific malware or script, while 'crypto drainer' often describes the broader attack category including smart-contract approval abuse. Both result in total or near-total loss of wallet contents.
Examples
- A user clicks a link in a Discord server for a hyped NFT drop, connects their wallet, and loses all assets within seconds.
- A fake version of a well-known DEX appears in search ads; a user approves a transaction and their entire token balance is transferred out.