May 20, 2025
Security

Anatomy of a Hack: Wallet Drainers and the Tools to Cut the Flow

Wallet drainers are part of the growing Fraud-as-a-Service industry that makes it easy for anyone to launch a phishing campaign in minutes—no Web3 expertise required.

Hypernative

Pink Drainer, Medusa Drainer, Angel Drainer—catchy names, but they’re no good at unclogging pipes. These and other drainers excel at emptying crypto wallets and siphoning off millions of dollars each year.

Drainers steal funds from victims’ wallets by tricking users into granting attackers control over their assets. They often take the form of malicious smart contracts that users unwittingly approve, or fake NFTs, tokens, and scam dApps that trigger unauthorized transfers when interacted with. 
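The approvals described above reach the wallet as ordinary contract calls, so a defender can recognize them in transaction calldata before anything is signed. The following is an added example, not code from the original article or from Hypernative's platform: it decodes the standard approve, increaseAllowance and setApprovalForAll selectors and flags risky grants. The UNLIMITED threshold, the trusted_spenders allowlist and the sample address are assumptions constructed for illustration.

```python
# Added example: review transaction calldata for approval grants before signing.
APPROVAL_SELECTORS = {  # standard ERC-20 / ERC-721 / ERC-1155 function selectors
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
UNLIMITED = 2**255  # assumption: allowances at or above this count as "unlimited"


def review_calldata(calldata_hex, trusted_spenders=()):
    """Return None for non-approval calls, else a dict describing the grant."""
    data = calldata_hex.strip().lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = APPROVAL_SELECTORS.get(data[:8])
    if signature is None:
        return None
    args = data[8:]
    try:
        if len(args) < 128:  # two 32-byte ABI words are required
            raise ValueError("truncated arguments")
        padding, spender = int(args[:24], 16), "0x" + args[24:64]
        value = int(args[64:128], 16)
        int(spender, 16)  # reject non-hex characters in the address word
    except ValueError:
        return {"function": signature, "spender": None, "risks": ["malformed arguments"]}
    risks = []
    if padding:
        risks.append("non-zero address padding")
    if value:  # a zero value is a revocation, not a grant
        if signature.startswith("setApprovalForAll"):
            risks.append("operator can move every token in this collection")
        elif value >= UNLIMITED:
            risks.append("unlimited allowance")
        if spender not in {s.lower() for s in trusted_spenders}:
            risks.append("spender not on allowlist")
    return {"function": signature, "spender": spender, "risks": risks}


# Constructed sample: unlimited approve() to a made-up spender address.
SPENDER = "0x" + "ab" * 20
SAMPLE_APPROVE = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "f" * 64

if __name__ == "__main__":
    print(review_calldata(SAMPLE_APPROVE))
```

ERC-721 approve shares the 0x095ea7b3 selector, in which case the second word is a token ID rather than an amount, so the allowlist check is the meaningful signal for NFT contracts.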

Peddled on Telegram and the dark web, drainers are part of a growing Fraud-as-a-Service industry. With just a few clicks, anyone can deploy a phishing campaign—no coding or Web3 expertise required. The addition of powerful open-source language models that can be adapted for nefarious means will only supercharge these tools, making fraud easier to perpetrate and harder to resist.

Inferno Drainer in the Spotlight

Inferno Drainer was one of the most prominent "scam-as-a-service" operations, responsible for stealing over $80M from about 137K victims during the year it was active in 2022-23. It spoofed websites of popular Web3 protocols, tricking users into connecting their wallets. In November 2023, the Telegram channel operating the drainers announced its shutdown. So when Inferno Drainer resurfaced earlier this year, our threat analysts took note. 

Since late January 2025, a single scammer has used this kit to target multiple victims, obtaining more than $124K in illicit gains, according to threat detections by the Hypernative platform. The system identified the address as malicious on Jan. 28 and could have prevented the losses.

Source: Group-IB

Plugging the Drain

In 2024, drainers had a banner year, stealing close to half a billion dollars' worth of funds and attracting the attention of authorities worldwide. Thanks to law enforcement efforts like Operation First Light and Operation Endgame, which spanned 60+ countries and resulted in thousands of arrests, the drainer network suffered a major setback.

But, as with any illegal activity, so long as it remains lucrative, the cycle of whack-a-mole will go on. Hypernative's comprehensive fraud and phishing protection uses advanced algorithms that continuously analyze onchain data and identify a wide range of fraudulent activities in real time, from sophisticated scams, phishing attempts, and address poisoning to scam tokens, pig butchering schemes, and drainer-as-a-service. It is a proactive approach to security that goes beyond warnings and actively prevents fraud attempts before they impact users and businesses.

About Hypernative

Hypernative is a real-time monitoring, risk detection and automated response solution that identifies threats with high accuracy and gives customers precious minutes to respond before exploits can do damage. The platform tracks both onchain and offchain data sources and uses battle-tested, sophisticated machine learning models, heuristics, simulations, and graph-based detections to identify over 300 risk types, from smart contract hacks and bridge security incidents to frontend compromises, market manipulations and private key theft.

Over 200 Web3 projects rely on Hypernative’s real-time enterprise-grade platform that monitors over $100B worth of digital assets across more than 60 chains. The list includes Amber, Aptos, Balancer, Blockdaemon, Chainlink, Circle, Consensys, Ethena, eToro, Galaxy, Kraken, Linea, Morpho, Quantstamp, Reown, Solana, Starknet, and Uniswap.

Reach out to find out how Hypernative’s solutions stop phishing, fraud, and scams. Tune into Hypernative’s blog and our social channels to keep up with the latest on cybersecurity in Web3.

Secure everything you build, run and own in Web3 with Hypernative.
