Wallet Drainers Explained: How They Steal Your Crypto
A “wallet drainer” is malicious code that empties your wallet in a single transaction — no password stolen, no key leaked. You simply sign something you shouldn't have. Drainers are behind a large share of modern crypto theft.
How drainers work
You land on a malicious site (via phishing, a fake airdrop, a hacked Discord, or a sponsored ad). You connect your wallet and are asked to “sign” or “approve” something that looks routine. That signature actually grants the attacker permission to transfer your tokens or NFTs — and a script sweeps them instantly.
The dangerous approvals
- Token approvals granting unlimited spending of a token.
- “Permit” signatures: messages signed off-chain that authorise a spender to transfer your tokens.
- setApprovalForAll on NFTs — hands over your whole collection.
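The three request types above can be recognised mechanically before you sign. The following is an added example, not part of the original article, that classifies a wallet request by its standard ERC-20/ERC-721 function selector or its EIP-712 primaryType; the function names, risk labels and sample inputs are assumptions made for the illustration.

```javascript
// Added example (not from the article): flag the approval requests listed above.
// Selectors are the standard ERC-20/ERC-721 ones; all sample inputs are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve",            // approve(address,uint256)
  "a22cb465": "setApprovalForAll",  // setApprovalForAll(address,bool)
};

// Classify the "data" field of an eth_sendTransaction request.
function classifyTransaction(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{8}([0-9a-f]{64})*$/.test(hex)) {
    return { risk: "unknown", reason: "no decodable function call" };
  }
  const fn = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!fn || hex.length < 8 + 128) return { risk: "none", reason: "not an approval" };
  const spender = "0x" + hex.slice(8 + 24, 8 + 64);  // address = low 20 bytes of word 0
  const value = BigInt("0x" + hex.slice(8 + 64, 8 + 128));
  if (value === 0n) return { risk: "none", reason: "revokes an existing approval", spender };
  if (fn === "setApprovalForAll") {
    return { risk: "high", reason: "operator can move every NFT in the collection", spender };
  }
  return value === MAX_UINT256
    ? { risk: "high", reason: "unlimited token allowance", spender }
    : { risk: "medium", reason: `allowance of ${value} base units`, spender };
}

// Classify an eth_signTypedData_v4 payload. Matching primaryType on /^Permit/ is a
// heuristic chosen for this example; EIP-2612 itself uses exactly "Permit".
function classifyTypedData(typed) {
  if (!/^Permit/.test(typed.primaryType || "")) return { risk: "none", reason: "not a permit" };
  const { spender, value } = typed.message || {};
  const unlimited = value === undefined || BigInt(value) === MAX_UINT256;
  return {
    risk: unlimited ? "high" : "medium",
    reason: "off-chain permit: costs no gas and is not on-chain until it is used",
    spender,
  };
}

// Constructed samples: a made-up spender address padded to a 32-byte ABI word.
const SPENDER = "0x" + "11".repeat(20);
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SAMPLE_APPROVE_MAX = "0x095ea7b3" + word(SPENDER) + "f".repeat(64);
const SAMPLE_APPROVE_ALL = "0xa22cb465" + word(SPENDER) + word("1");
const SAMPLE_PERMIT = {
  primaryType: "Permit",
  message: { owner: "0x" + "22".repeat(20), spender: SPENDER, value: MAX_UINT256.toString() },
};
```

A result of "high" with a spender you do not recognise is the signal to reject the request; a zero value is what a revocation of an existing approval looks like.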
How to protect yourself
- Never connect your main wallet to sites you don't fully trust.
- Read what you're signing — if you don't understand it, reject it.
- Use a hardware wallet so approvals require physical confirmation.
- Regularly review and revoke token approvals you no longer need.
- Keep large holdings in a separate wallet that never touches dApps.
Avoid the bait entirely
Drainers usually ride on a scam token or project. ChainInspector Suite lets you research a token and trace suspicious wallets before you ever connect — stopping the attack at the source.