Wallet Drainer Scams on Twitch
Malicious links distributed through Twitch chat and compromised streamer accounts connect to wallet-draining contracts that empty all cryptocurrency from connected wallets in a single transaction.
Part of: Wallet Drainer Scams
Last reviewed: 1 June 2026
Wallet drainer attacks on Twitch target the growing overlap between gaming and crypto-native audiences who hold digital assets and are accustomed to connecting wallets to Web3 games and platforms.
Because wallet drainers work through a single approval transaction, they operate faster than any manual review can detect — by the time a victim realises what happened, the wallet has already been drained.
How this scam works on Twitch
Scammers either compromise a popular streamer's Twitch account or create a lookalike channel and broadcast a 'live NFT mint' or 'exclusive crypto airdrop' event. A prominent link or QR code directs viewers to a site that prompts wallet connection.
When the viewer connects their wallet and approves what appears to be a low-cost minting or participation transaction, the underlying contract actually requests unlimited token approval, emptying all assets from the wallet.
Chat bots reinforce the attack by flooding the chat with users 'confirming' they received their airdrop or minted their NFT, creating social proof that encourages more viewers to connect their wallets before the fraud is detected.
Common red flags
- Live stream announcing a time-limited NFT mint or airdrop requiring wallet connection
- Chat flooded with identical messages confirming mint success
- Stream link to a minting site not mentioned on the streamer's official social profiles
- Transaction approval request using broad token permissions ('set approval for all')
- Minting site URL that differs from the official project or streamer brand domain
- Urgent countdown timer driving immediate wallet connection
How to protect yourself
- Verify all NFT mints or airdrop events on the official project website before connecting a wallet
- Read transaction approval details carefully — any request for unlimited token permissions is a red flag
- Use a dedicated wallet with minimal assets for Web3 interactions found through Twitch streams
- Revoke unnecessary token approvals after every interaction using a trusted allowance checker
- Keep significant crypto holdings in cold storage, not hot wallets used for streaming platform interactions
How to report it
- Report the stream and channel via Twitch's report feature
- Alert the legitimate streamer being impersonated through their official social media channels
- Report the malicious domain to Google Safe Browsing and your browser's phishing protection
Frequently asked questions
Can a wallet be drained just from connecting to a site?
Connecting a wallet alone does not drain it. The drain occurs when you approve a transaction. Always read transaction details carefully and never approve 'set approval for all' requests from sites you are not certain are legitimate.