Wallet Drainer

A phishing kit that automates the approve-and-transfer sequence to steal tokens or NFTs from a user's wallet once they have been routed to a malicious page through a frontend compromise, DNS hijack, or fake site.

A Wallet Drainer is a class of phishing kit that automates the entire approve-and-transfer flow needed to steal tokens or NFTs from a user's wallet. The user does not have to make an obvious mistake. They land on what appears to be the legitimate protocol interface, connect their wallet as they always have, and approve transactions that look routine. The drainer's contract then exercises those approvals to move assets out. Inferno Drainer, Pink Drainer, Angel Drainer, and Monkey Drainer are the canonical examples of this category; they are sold as-a-service to phishing crews that handle distribution and split the proceeds with the kit operator.

Why drainers bypass smart contract audits

A wallet drainer attack does not exploit a bug in the protocol's smart contract. The contracts behave exactly as designed: the user signed the approval, so the subsequent transferFrom is valid. The vulnerability is upstream of the contract, in the presentation layer the user actually sees. A smart contract audit reviews source code at a commit hash; it has no visibility into what URL the user typed into their browser, what IP that URL resolved to, or what JavaScript was served from that IP. This is the structural reason most drainer attacks land on protocols whose contracts are fully audited.

The mechanics of a drainer attack

A typical drainer flow:

  1. Distribution. The attacker routes the victim to a malicious page. Common vectors include DNS hijacking (Curve, Squarespace cluster), CDN compromise (BadgerDAO, KyberSwap), supply chain injection into the production JavaScript bundle (Bybit), or phishing links from compromised social media accounts and search ads.
  2. Wallet connection. The malicious page presents the protocol's familiar UI and prompts the user to connect their wallet. From the user's perspective, this is identical to a legitimate session.
  3. Approval extraction. The drainer constructs approve or increaseAllowance calls with the attacker-controlled spender address. These calls may be disguised as routine interactions ("approve to swap", "approve to stake") or, in more sophisticated cases, presented as part of a legitimate-looking transaction that the user does not look at closely.
  4. Transfer execution. Once the approval is granted on chain, the drainer's spender contract calls transferFrom to move the tokens to an attacker-controlled address. NFTs follow the equivalent setApprovalForAll plus transferFrom pattern.

The Inferno Drainer kit added refinements like detecting which assets in the wallet were highest-value and drafting the approval list dynamically based on what would maximize the take per victim.

Why approvals are the highest-yield signal

The spender address in a drainer attack is, by construction, a fresh contract that has never received approvals before. A protocol that monitors its user base for approve events targeting non-canonical spender addresses can detect a frontend compromise within minutes of the first victim. The BadgerDAO compromise produced anomalous approval patterns for twenty-two days before the mass drain — the signal was there, but nobody was monitoring for it.

Defensive measures include:

  • Approval anomaly monitoring. Maintain a registry of canonical spender addresses for your protocol. Alert on any approval from a user in your protocol's address space to a non-canonical spender.
  • Wallet-side warnings. Blockaid, MetaMask's built-in transaction simulator, and Pocket Universe display warnings when a transaction matches known drainer signatures. These are user-side defenses, not protocol-side, but raise the bar for the attacker.
  • Subresource Integrity (SRI). Pin hashes on every third-party script tag in your frontend bundle. A modified third-party script will fail to execute, preventing drainer injection at the user's browser.
  • Production bundle pinning. Maintain a known-good hash of your production JavaScript and diff against what your CDN actually serves. The BadgerDAO Cloudflare Worker would have been visible at the bundle layer.
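As an added example (not the protocol's or Zealynx's own tooling) of the last two measures, the block below generates the integrity value for a script tag and checks a served bundle against a known-good hash recorded at build time. The bundle bytes, the tampered variant and the CDN URL are constructed stand-ins.

```python
"""Subresource Integrity hash generation and production-bundle pinning (added example).

GOOD_BUNDLE and TAMPERED_BUNDLE are constructed stand-ins for a built bundle
and for what a compromised CDN edge might serve instead.
"""
import base64
import hashlib


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return the integrity attribute value for `content`, e.g. 'sha384-<base64 digest>'."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def script_tag(src: str, content: bytes) -> str:
    """Emit a pinned <script> tag; crossorigin is needed for the browser to verify
    a cross-origin script's integrity."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            'crossorigin="anonymous"></script>')


def verify_bundle(served: bytes, pinned: str) -> bool:
    """Compare what the CDN actually serves with the hash the deploy pipeline recorded."""
    algo = pinned.split("-", 1)[0]
    return sri_hash(served, algo) == pinned


GOOD_BUNDLE = b"window.app = { init() { /* legitimate app code */ } };\n"
TAMPERED_BUNDLE = GOOD_BUNDLE + b"/* bytes appended at the edge */\n"

# Recorded once at build time and stored outside the CDN (e.g. in CI artifacts).
PINNED = sri_hash(GOOD_BUNDLE)

if __name__ == "__main__":
    print(script_tag("https://cdn.example.invalid/app.js", GOOD_BUNDLE))
    print("served matches pin:  ", verify_bundle(GOOD_BUNDLE, PINNED))
    print("tampered matches pin:", verify_bundle(TAMPERED_BUNDLE, PINNED))
```

The two checks cover different layers. SRI is enforced by the browser and protects scripts that the HTML references, so it stops a modified third-party script from running; it does not help when the attacker controls the HTML itself, because they then control the integrity attributes too. Bundle pinning closes that gap from the protocol's side: a scheduled fetch of the production URL compared against the pinned hash detects an edge worker or CDN configuration change regardless of what the served page claims about itself.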

Drainers in the 2024-2026 attack landscape

Wallet drainers accounted for a majority of the dollar value stolen in frontend compromise attacks against DeFi protocols across 2024 and 2025. The Squarespace DNS hijack cluster of July 2024 routed every affected protocol's traffic to Inferno Drainer infrastructure. The Curve Finance hijacks of 2022 and 2025 both terminated in drainer kits. The Aerodrome and Velodrome hijacks did the same.

A drainer-resistant DeFi posture treats the off-chain stack — DNS, registrar, CDN, frontend bundle, deploy pipeline — as in-scope for security review and continuous monitoring. The Full-Stack Audit is the engagement scope that covers both the contracts and the surface the drainer actually exploits.
