Wallet drainer

A wallet drainer is a type of crypto-theft tool that operates by deceiving a user into signing a malicious transaction. When you interact with a smart contract — for example, to claim an airdrop, mint an NFT, or connect to a DeFi application — you approve certain transaction permissions. A wallet drainer abuses this mechanism by having the user sign a transaction that, hidden in the technical details, grants unlimited spend approval or directly transfers all assets to the attacker.

Wallet drainers are deployed on fake airdrop websites, phishing pages impersonating popular DeFi protocols, malicious NFT minting sites, and through compromised social-media accounts of legitimate crypto projects.

The key defence is scrutinising every transaction approval in your wallet before signing, using tools that decode contract interactions, and revoking token approvals regularly using services like revoke.cash.