Drainer as a Service (DaaS)

What Is Drainer as a Service?

In the past, running a crypto scam required significant technical skill. A hacker had to write their own malicious code to exploit smart contracts. Unfortunately, the emergence of Drainer as a Service (DaaS) has made this process accessible to any bad actors willing to pay for it, regardless of technical ability.

DaaS providers create ready-to-use “phishing kits” that include everything a scammer needs: fake websites, malicious scripts, and a dashboard to track victims. They then sell these kits to less-skilled criminals via the dark web or in private group chats. While some scammers may charge an upfront fee for the service, others simply take a cut of all the assets stolen using their tool.

This model lowers the barrier to entry for cybercrime, leading to a surge in phishing attacks across the crypto ecosystem.

How Do Crypto Wallet Drainers Work?

Crypto drainers are designed to trick users into signing malicious transactions. That is to say that they “hack” the user using various forms of social engineering in order to trick them into surrendering their assets or downloading malware.

1. The attacker sets up a fake website, often mimicking a well-known platform or protocol. They then promote this site via spam emails, hacked social media accounts, or direct messaging potential victims on social media.
2. When a victim connects their wallet to the fake site, the drainer script scans their wallet to see which assets (tokens, NFTs) are most valuable.
3. The site prompts the user to sign a transaction. This might be disguised as a “Claim,” “Mint,” or “Verify” button.
4. The transaction is actually a malicious smart contract function. Once signed, it grants the attacker permission to move assets out of the victim’s wallet. The script automatically transfers the funds to the scammer and the DaaS provider.

For more on smart contract scams and how to spot them, read our article on Ledger Academy.