Quick Take

A crypto wallet drainer is malicious JavaScript that tricks you into signing a transaction or signature that empties your wallet. The most common attack uses Permit2 signatures (gas-free off-chain approvals that, in the drainer's hands, grant unlimited spending rights). Top drainer families in 2026 include Inferno, Angel, and various stable.xyz lookalikes.

What is a wallet drainer?

A wallet drainer is a piece of front-end JavaScript hosted on a phishing site that turns a user's own wallet against them. The drainer never sees the user's private key, never asks for a seed phrase, and never breaks any cryptography. It does something far simpler. It presents a wallet popup that, once signed or approved, hands the attacker permission to move funds out of the wallet on the user's behalf. The crypto leaves the wallet because the user signed it out, not because anyone stole the keys.

The term emerged during the 2022 NFT boom. The wave of fake mint pages targeting Bored Ape and Azuki holders was the first time the wider crypto community saw the pattern clearly. A page promised a free mint. The user connected MetaMask. The wallet popup asked for setApprovalForAll. The user clicked Approve. Within minutes, the entire NFT collection in the wallet was transferred to an unknown address. No exploit, no bug, no key theft. The user had simply granted the attacker the right to move their NFTs and the attacker exercised that right immediately.

By 2024 the model had professionalized into drainer-as-a-service (DaaS). A small group of skilled coders builds and maintains the drainer toolkit (the JavaScript payload, the contract templates, the obfuscation, the wallet popup spoofing). Scammers (the "affiliates") rent the toolkit, host it on their own phishing domains, drive traffic with Telegram DMs, Twitter replies, and Google Ads, then forward the stolen funds back through the drainer infrastructure. The toolkit developers take a 20% to 30% cut, the affiliate keeps the rest. The economics look exactly like a SaaS dashboard, including affiliate leaderboards and Telegram support channels for the affiliates.

This division of labor is why wallet drainer activity scales the way it does. A single coder can support hundreds of affiliates. A single affiliate can run dozens of phishing domains. When one domain gets blacklisted, the affiliate spins up another in minutes. When one drainer toolkit gets reverse-engineered by security researchers, the toolkit author ships a new build. The same dynamic that powers SaaS startups powers the largest crypto theft category of the cycle.

How wallet drainers work, step by step

Almost every wallet drainer attack follows the same five-step sequence. Recognizing the sequence is the single most useful defense.

Step 1: Scammer creates a lookalike domain. The domain is chosen to look almost identical to a legitimate project. Recent examples include stable.xyz impersonating a real stablecoin protocol, uniswap-claim.app impersonating Uniswap airdrop pages, and hyperliquid-eligibility.xyz impersonating the Hyperliquid airdrop checker. The domain typically uses an unusual TLD (.xyz, .top, .fun, .one, .app) because the real protocol's .org or .io is already registered. See our deep dive on the stable.xyz wallet drainer impersonation for a worked example.

Step 2: Bait the user. The lookalike domain has zero organic traffic, so the attacker pushes the URL to the user directly. The dominant channels in 2026 are Telegram DM ("you are eligible for the airdrop, claim before tomorrow"), Twitter reply under any tweet that mentions the brand, Google Ads bidding on the brand keyword, fake Reddit threads, and YouTube comments under tutorial videos. Crypto KOL Discord servers are also frequent vectors because the trust signal of "this was posted in the official Discord" is hard to undo even after the moderator deletes the message.

Step 3: Connect Wallet triggers the malicious call. The page presents a normal-looking "Connect Wallet" button. Once the user connects, the page calls eth_sendTransaction for a direct transfer, or eth_signTypedData_v4 for a Permit2 or EIP-712 typed-data signature. The wallet popup appears. The user, expecting a normal connection prompt, often does not read the popup carefully.

Step 4: User signs the dangerous primitive. The signing target is one of four patterns: a Permit2 PermitBatch for unlimited amounts across multiple tokens (the most common in 2026, see the Permit2 signature attack explained deep dive), an NFT setApprovalForAll for the entire collection, a direct ERC-20 approve with type(uint256).max, or a raw transfer in the case of native ETH/SOL drainers. Each pattern hands the attacker different rights, but all end at the same outcome.

Step 5: Drainer sweeps the wallet. Once the signature or approval is in the attacker's hands, the drainer infrastructure executes the drain. For native token drainers, this happens in the same block as the user signing. For Permit2 and approval-based drainers, the attacker can wait days or weeks before pulling the trigger, which obscures attribution. The drained funds are routed through the drainer's contract, which takes the toolkit-developer cut, forwards the affiliate share to the affiliate address, and dumps the user's share to mixers (Tornado Cash forks, Railgun, cross-chain via Across or Synapse).

The top wallet drainer families in 2026

The drainer market is consolidated around a handful of toolkits. The five names below cover roughly 90% of all observed wallet drainer activity in the first half of 2026.

Inferno Drainer. The largest active drainer-as-a-service as of mid-2026. Inferno first appeared in late 2023 and went through a brief "retirement" announcement in November 2023 that turned out to be marketing. The toolkit supports Ethereum, Base, Arbitrum, Optimism, Polygon, BNB Chain, Avalanche, and Solana via separate payload modules. The Permit2 module is the most polished in the market, including dynamic spender rotation so that any specific spender address blacklisted by wallet security plugins is replaced within hours. Inferno affiliates pay 20% of stolen funds back to the toolkit developers.

Angel Drainer. Targets primarily NFT collections and lookalike DeFi pages. Angel's distinguishing feature is its DNS hijacking arm: in 2024 Angel affiliates compromised registrar accounts for several legitimate protocols (Balancer, Velodrome variants) and pointed the official domains at the Angel payload. This made the attacks indistinguishable from legitimate use until the affected protocol reclaimed the domain. Angel charges 20% to affiliates.

Pink Drainer. Active from late 2023 through early 2024. Pink targeted high-net-worth wallets via highly targeted Twitter DMs and Discord impersonation of NFT-project founders. Pink Drainer's operators publicly announced a shutdown in February 2024 after reportedly extracting more than $75 million. The shutdown was real and verified by on-chain forensic firms. See our Pink Drainer shutdown retrospective for the full timeline.

Pussy Drainer. A mid-tier drainer toolkit that ran from 2023 through 2024, primarily on Ethereum L1. Pussy targeted ERC-20 token drains via classic approve phishing rather than Permit2, which made it less effective against wallets that already had Permit2 approvals but more effective against users with fresh wallets. Largely displaced by Inferno and Angel in 2025.

Monkey Drainer. The 2022-era progenitor of professional drainer-as-a-service. Monkey publicly retired in March 2023 after a Chainalysis report tagged its operator's addresses. The operator's exit message linked to a successor toolkit; many security researchers believe that successor was the first version of Venom Drainer, which itself wound down by late 2023.

Beyond the named toolkits, the largest growth category in 2026 is the stable.xyz lookalike family: drainer affiliates who register variations of stablecoin protocol names (often using the literal string "stable" plus a TLD swap) and run a stripped-down Permit2 drainer focused exclusively on USDC, USDT, DAI, and FRAX. These pages convert well because users approaching a stablecoin protocol expect a permission prompt and rarely scrutinize a Permit2 signature. Read the stable.xyz lookalike wallet drainer case study for the detection signal.

Red flags: how to spot a drainer site before you sign

A drainer site does not look broken. The visual design is often polished, the dApp connection flow works, and the wallet popup appears as expected. The red flags are in the details that the user has to notice deliberately.

  • Unsolicited DM with an airdrop claim. No legitimate protocol announces an airdrop via cold Telegram or Twitter DM. The first place a real airdrop is announced is the protocol's own X/Twitter account, the official Discord, and the protocol's published documentation. DM-delivered airdrop claims are wallet drainers with rare exceptions.
  • Domain off by one character or one letter from the real project. Common patterns include adding a hyphen (uniswap-claim.com), swapping a letter (ledgar.com instead of ledger.com, see our crypto address poisoning coverage), or adding a subdomain prefix (app.uniswap-airdrop.xyz).
  • Wallet popup asks for setApprovalForAll or unlimited Permit2. A real swap on Uniswap or 1inch asks for the exact swap amount, not the full balance. Any approval popup that says "unlimited" or shows an amount with many leading 9s is a wallet drainer.
  • Site demands a signature with no transaction explanation. Legitimate dApps show you the swap details, the price, and the slippage before the wallet popup. A page that triggers a signature request before showing what the signature does is a drainer.
  • URL ends in .xyz, .top, .fun, .one for a serious DeFi protocol. Legitimate DeFi protocols of any size are on .org, .io, .com, or .finance. Exotic TLDs are dominated by drainer sites and unrelated personal projects.
  • Discord or Telegram link in bio with no team transparency. Real protocols publish team members, audit reports, and on-chain treasury addresses. A site whose only social link is an anonymous Telegram channel is not safe to connect a wallet to.
  • No verified contract on Etherscan, BaseScan, or the relevant block explorer. Every legitimate dApp's contract address is verified on the explorer with full source code. An unverified contract is a wallet drainer or, at minimum, an unaudited project that does not warrant signing approvals on.
  • Twitter account less than six months old with fewer than 10,000 followers for a major-brand claim. Drainer affiliates spin up new Twitter accounts to push their phishing URL. Accounts impersonating major protocols (Uniswap, Aave, Compound) are easy to verify against the protocol's own pinned tweet and verified handle.
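The domain red flags in this list (hyphen-joined brand keyword, one-letter swap, brand used as a subdomain, exotic TLD, Punycode) can be mechanized. The following is an added example and not SafeBrowz's own Layer 1 detector; the brand map, the exotic TLD list, the assumption of a single-label public suffix, and the sample hosts are the example's own.

```javascript
// Added example, not SafeBrowz's Layer 1 detector: score a hostname against the lookalike
// patterns listed above. The brand map, TLD list and sample hosts are constructed.
const EXOTIC_TLDS = new Set(["xyz", "top", "fun", "one", "app"]);
const BRANDS = { uniswap: ["uniswap.org"], ledger: ["ledger.com"] }; // brand -> real registrable domains
const KNOWN_DOMAINS = new Set(Object.values(BRANDS).flat());

// Levenshtein distance; a distance of 1 from a brand catches single-letter swaps (ledgar vs ledger).
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++)
    for (let j = 1; j <= b.length; j++)
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
  return dp[a.length][b.length];
}

function scoreHost(host) {
  const labels = host.toLowerCase().split(".");
  const tld = labels[labels.length - 1];
  const sld = labels[labels.length - 2] || "";         // assumes a single-label public suffix
  const registrable = `${sld}.${tld}`;
  if (KNOWN_DOMAINS.has(registrable)) return [];       // the real site, any subdomain: no lookalike
  const flags = [];
  if (labels.some((l) => l.startsWith("xn--") || /[^\x00-\x7f]/.test(l)))
    flags.push("punycode/homograph label");
  for (const brand of Object.keys(BRANDS)) {
    if (sld === brand) flags.push(`TLD swap: ${registrable} is not the real ${brand} domain`);
    else if (sld.split("-").includes(brand)) flags.push(`brand "${brand}" hyphen-joined in ${sld}`);
    else if (editDistance(sld, brand) === 1) flags.push(`"${sld}" is one edit from "${brand}"`);
    if (labels.slice(0, -2).includes(brand)) flags.push(`"${brand}" used as a subdomain of ${registrable}`);
  }
  if (EXOTIC_TLDS.has(tld)) flags.push(`exotic TLD .${tld}`);
  return flags;
}

// Constructed sample set: the lookalikes named in this section plus the real sites.
const SAMPLE_HOSTS = ["uniswap.org", "app.uniswap.org", "uniswap-claim.app", "ledgar.com",
  "app.uniswap-airdrop.xyz", "stable.xyz", "uniswap.claim-portal.xyz"];
const REPORT = Object.fromEntries(SAMPLE_HOSTS.map((h) => [h, scoreHost(h)]));
```

A production detector would replace the two-entry brand map with a full brand database and a real public-suffix list, but the scoring logic is the same.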

How to protect yourself from wallet drainers

Defense against wallet drainers is layered. No single tool covers every vector. The combination of the practices below is what reduces the realistic risk to near zero.

  • Use a hardware wallet for any meaningful balance. Ledger and Trezor route the signature through their on-device screen. Even if the dApp UI is spoofed, the device screen shows the actual transaction or typed-data payload, and the user must press a physical button to confirm. The device screen cannot be controlled by the website. This single practice eliminates the most catastrophic class of drainer outcomes.
  • Install SafeBrowz. The SafeBrowz extension catches wallet drainer pages at the URL layer before the wallet popup even appears. The 3-layer detection architecture (Local + APIs + AI, never four layers) combines 60+ URL patterns, 550+ brand-specific signatures, Google Safe Browsing, PhishTank, URLhaus, and a Premium AI layer that analyzes page content for drainer payload signatures in real time.
  • Use revoke.cash periodically to audit approvals. Connect your main wallet to revoke.cash once a month. Sort by amount and expiration. Revoke any approval you do not actively need. Permit2 allowances should be reviewed especially carefully because their off-chain nature makes them invisible until the attacker executes.
  • Never sign blind signature requests. If the wallet popup shows a typed-data payload and you do not understand every field (spender, amount, deadline, token), reject. There is no scenario in legitimate crypto use where you must sign something you do not understand within thirty seconds.
  • Verify URLs by typing them manually. Bookmark the real protocol's URL the first time you confirm it via the protocol's verified Twitter or Discord. From then on, only ever reach the protocol through that bookmark. Never click a link in a DM, ad, or reply to navigate to a dApp.
  • Use a hot wallet with a small balance for new dApps. Keep one wallet for storage (hardware, large balance, no dApp connections) and a separate wallet for active use (small balance, expendable). If the active wallet gets drained, the loss is bounded. Real funds stay isolated behind a wallet that has never signed anything risky.
  • Treat every signature request as a transaction. The wallet UI difference between a transaction (gas, slow popup) and a signature (no gas, fast popup) does not reflect the financial difference. Permit2, EIP-712, ERC-2612, and EIP-7702 all use signatures with full transactional consequence. Read every payload.
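Step 4 above names the four signing primitives, and the list here ends with "read every payload". The following is an added example, not SafeBrowz code: a pre-signing check that walks an eth_signTypedData_v4 or eth_sendTransaction request and names the primitive it would grant. The trusted-spender allowlist, the 30-day expiration threshold, and the sample requests are the example's own assumptions; the ERC-20 approve and setApprovalForAll selectors are the standard ones.

```javascript
// Added example, not SafeBrowz code: flag the Step 4 primitives in a wallet JSON-RPC request
// before it is signed. Thresholds, trusted-spender list and samples are constructed.
const MAX_UINT160 = (1n << 160n) - 1n;   // Permit2 PermitDetails.amount is uint160
const MAX_UINT256 = (1n << 256n) - 1n;   // ERC-20 approve(address,uint256) amount
const SELECTORS = { "0x095ea7b3": "approve", "0xa22cb465": "setApprovalForAll" };
const word = (data, i) => data.slice(10 + i * 64, 74 + i * 64).padStart(64, "0"); // i-th ABI word
const addr = (w) => "0x" + w.slice(24);                                              // low 20 bytes

function inspectTypedData(typed, now, trustedSpenders) {
  const flags = [];
  if (!["PermitSingle", "PermitBatch"].includes(typed.primaryType)) return flags;
  const msg = typed.message;
  if (!trustedSpenders.has(String(msg.spender).toLowerCase()))
    flags.push(`Permit2 spender ${msg.spender} is not a known contract`);
  for (const d of [].concat(msg.details || [])) {   // PermitSingle: object, PermitBatch: array
    if (BigInt(d.amount) === MAX_UINT160) flags.push(`unlimited Permit2 allowance on ${d.token}`);
    // Assumed threshold: an allowance that outlives 30 days is a red flag
    if (BigInt(d.expiration) > BigInt(now + 30 * 86400)) flags.push(`allowance on ${d.token} lasts >30 days`);
  }
  return flags;
}

function inspectTransaction(tx) {
  const flags = [];
  const data = (tx.data || "0x").toLowerCase();
  const fn = SELECTORS[data.slice(0, 10)];
  if (fn === "approve" && BigInt("0x" + word(data, 1)) === MAX_UINT256)
    flags.push(`unlimited ERC-20 approve to ${addr(word(data, 0))}`);
  if (fn === "setApprovalForAll" && word(data, 1).endsWith("1"))
    flags.push(`setApprovalForAll hands the whole collection to ${addr(word(data, 0))}`);
  if (data === "0x" && BigInt(tx.value || "0x0") > 0n)
    flags.push(`native transfer of ${BigInt(tx.value)} wei to ${tx.to}`);
  return flags;
}
// Dispatch on the method a dApp page calls through the injected wallet provider.
function inspectRequest(req, now = Math.floor(Date.now() / 1000), trusted = new Set()) {
  if (req.method === "eth_sendTransaction") return inspectTransaction(req.params[0]);
  if (req.method !== "eth_signTypedData_v4") return [];
  const typed = typeof req.params[1] === "string" ? JSON.parse(req.params[1]) : req.params[1];
  return inspectTypedData(typed, now, trusted);
}
// Constructed drainer-style PermitBatch: two tokens, max amount, uint48-max expiration.
const detail = (token) => ({ token, amount: MAX_UINT160.toString(), expiration: "281474976710655", nonce: "0" });
const SAMPLE_PERMIT = { method: "eth_signTypedData_v4", params: ["0x" + "1".repeat(40), JSON.stringify({
  primaryType: "PermitBatch", message: { spender: "0x" + "b".repeat(40), sigDeadline: "281474976710655",
    details: ["0x" + "a".repeat(40), "0x" + "c".repeat(40)].map(detail) } })] };
// Constructed approve(spender, type(uint256).max) calldata sent as a transaction.
const SAMPLE_APPROVE = { method: "eth_sendTransaction", params: [{ to: "0x" + "d".repeat(40),
  data: "0x095ea7b3" + "0".repeat(24) + "b".repeat(40) + "f".repeat(64) }] };
```

Running inspectRequest on the constructed PermitBatch yields five flags (unknown spender, plus unlimited amount and long expiration for each of the two tokens); an approve for an exact amount to a known contract yields none.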

How to report a wallet drainer

Reporting a wallet drainer does not recover funds in most cases, but it does help take the drainer page offline faster and reduces future victim count. The places worth reporting to:

  • Chainabuse (chainabuse.com). A community reporting platform run by TRM Labs. Reports here propagate to wallet security plugins, including the alerts inside MetaMask and Trust Wallet.
  • Etherscan address tagging. If you know the drainer's destination address, submit a tag via Etherscan's "Update Address Info" form. Once tagged, every Etherscan view of that address shows the warning, which protects users who manually check addresses before sending.
  • CryptoScamDB (cryptoscamdb.org). A long-running open database of malicious crypto domains. Many wallet plugins pull blocklists from CryptoScamDB.
  • Local cybercrime unit. In the US that is the FBI IC3 (ic3.gov). In the UK, Action Fraud. In India, the National Cybercrime Reporting Portal. Filing a report creates a paper trail that some exchanges will reference if the drainer funds touch a centralized exchange and need to be frozen.
  • SafeBrowz Telegram bot. Submit the URL via the public reporting bot and our analyst will add the page to the global blocklist within the day. The same blocklist flows into our extension, API, and partner integrations.

How SafeBrowz blocks wallet drainers

SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI. The architecture is exactly three layers, never four.

  • Layer 1 - Local detection: 60+ URL patterns (lookalike TLD swaps, brand-keyword combinations, Cyrillic and Punycode homograph variants) plus 550+ brand-specific signatures plus 100+ known wallet drainer contract addresses plus community whitelist/blacklist. All of this runs inside the extension before the page renders. A drainer page hosted on uniswap-claim.xyz or stable.xyz-style lookalikes is blocked before the wallet popup appears.
  • Layer 2 - API checks: server-side cross-reference against Google Safe Browsing, PhishTank, and URLhaus. A drainer URL that has been reported within the past week is matched and blocked even if it does not trip any local pattern.
  • Layer 3 - AI deep scan (Premium): when the URL is novel and no upstream feed has caught it yet, the AI layer analyzes page content for wallet connection prompts, Permit2 SDK imports, drainer-toolkit JavaScript signatures (Inferno, Angel, Pink, MS Drainer), and language patterns ("approve to claim airdrop", "verify wallet to continue") in 100+ languages.

Detection signatures are derived from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history. Page contents are processed for detection and never retained.

Block wallet drainers before you sign

SafeBrowz is a free browser extension for Chrome, Firefox, and Edge that catches wallet drainer pages in real time. Premium adds AI deep scan and wallet-drainer JavaScript signature detection at $14.99 per year. Core protection is free forever.

