The evolution of crypto drainers: a growing threat to Web3

Crypto drainers are now among the most sophisticated scam tactics targeting Web3 users. These malicious mechanisms, although relatively new, have multiplied exponentially over the past few years, affecting high-profile figures like Mark Cuban and Seth Green, as well as thousands of ordinary users.

How These Web3 Phishing Tools Work

Unlike traditional credential theft methods, crypto drainers operate on a different principle. Instead of seeking usernames and passwords, these tools are deployed via websites that imitate legitimate Web3 projects. Operators create fake portals and promote them on Discord and compromised social media accounts.

When a victim accesses one of these counterfeit sites, they are prompted to connect their digital wallet. Once connected, the interface presents a series of transaction proposals that the user often approves without scrutinizing the details. Once approved, these transactions give criminals full control over the funds in the wallet—allowing for immediate and complete draining.
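The paragraph above describes transaction proposals approved without scrutiny. As an added example (not code from the original article or from any wallet project), the function below decodes the calldata of a pending request and flags token-approval calls, one standard kind of transaction that hands spending rights to another address. The `trusted` allowlist and the sample addresses are assumptions made for illustration.

```javascript
// Added example: triage a pending transaction request before the user signs it.
// Selectors are the standard ERC-20 / ERC-721 / ERC-1155 function selectors.
const SELECTORS = {
  "095ea7b3": "approve",            // approve(address,uint256)
  "39509351": "increaseAllowance",  // increaseAllowance(address,uint256)
  "a22cb465": "setApprovalForAll",  // setApprovalForAll(address,bool)
  "a9059cbb": "transfer",           // transfer(address,uint256)
  "23b872dd": "transferFrom",       // transferFrom(address,address,uint256)
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Split ABI-encoded calldata into its 4-byte selector and 32-byte argument words.
function splitCalldata(data) {
  const hex = (data || "0x").toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length % 2) throw new Error("calldata is not valid hex");
  const words = [];
  for (let i = 8; i + 64 <= hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector: hex.slice(0, 8), words };
}

// tx: { to, data } as in an eth_sendTransaction request.
// trusted: lowercase addresses the user already relies on (hypothetical allowlist).
function assessTransaction(tx, trusted = new Set()) {
  const { selector, words } = splitCalldata(tx.data);
  if (selector === "") return { risk: "info", reason: "no contract call" };
  const name = SELECTORS[selector];
  if (!name) return { risk: "review", reason: `unrecognised function 0x${selector}` };
  if (words.length < (name === "transferFrom" ? 3 : 2))
    return { risk: "review", reason: `${name} with truncated arguments` };
  if (name.startsWith("transfer")) return { risk: "review", reason: `${name} moves tokens directly` };
  const spender = "0x" + words[0].slice(24);      // address is the low 20 bytes
  const amount = BigInt("0x" + words[1]);         // uint256 amount or bool flag
  if (amount === 0n) return { risk: "info", reason: `${name} grants ${spender} nothing` };
  const broad = name === "setApprovalForAll" || amount === MAX_UINT256;
  return {
    risk: broad && !trusted.has(spender) ? "high" : "review",
    reason: `${name} gives ${spender} ${broad ? "unlimited" : "bounded"} spending rights`,
  };
}

// Constructed sample: unlimited approve() to a made-up spender address.
const SAMPLE_SPENDER = "0x" + "ab".repeat(20);
const SAMPLE_TX = {
  to: "0x" + "11".repeat(20),
  data: "0x095ea7b3" + SAMPLE_SPENDER.slice(2).padStart(64, "0") + "f".repeat(64),
};
console.log(assessTransaction(SAMPLE_TX));
```

A "review" result means the call still needs a human decision; only a zero-amount grant or an empty call is reported as "info".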

A notable case occurred in January 2024, when Chainalysis uncovered an operation impersonating the SEC (Securities and Exchange Commission). This fake site promised free tokens via an airdrop, a common tactic to lure curious users.

The Extent of the Damage: Massive Growth in Theft

The numbers reveal a concerning escalation. According to data collected by Chainalysis, the quarterly value of funds siphoned by these tools now surpasses that of ransomware, a category considered among the rapidly growing digital criminal threats. This trend has intensified since 2021.

After diverting user assets, scammers proceed with money laundering through various services. Investigations show a significant shift: while transfers to coin mixing services are steadily increasing, transfers to centralized exchanges are gradually decreasing. This transition reflects criminals adapting to increased regulatory oversight.

DeFi projects are increasingly becoming the preferred destination for siphoned funds. Decentralized exchanges, cross-chain bridges, and swap protocols are the main channels, mainly due to the ease of transfer and the pseudo-anonymity offered by the ecosystem.

From Bitcoin to DeFi: The Expansion of a Threat

Although the Ethereum ecosystem hosts the majority of malicious activities, threats are now emerging on other blockchains. In April 2024, Chainalysis identified a notable operation targeting Bitcoin, impersonating Magic Eden, the leading platform for Bitcoin-based ordinal NFTs.

This sophisticated attack stole approximately $500,000 across more than 1,000 malicious transactions. The expansion into Bitcoin demonstrates the growing scale of the phenomenon and the ingenuity of malicious actors exploiting new opportunities.

Essential Strategies for Protection

As these threats become more refined, defensive measures must also improve. Web3 users and projects have effective tools and practices available:

Web3 security extensions like Wallet Guard help identify phishing sites and assess risks associated with wallets. These technological safeguards form an essential first line of defense.

Isolating assets is also critical: keeping significant funds in an offline wallet and only transferring necessary amounts to a hot wallet greatly limits exposure to crypto drainers.

Community vigilance plays a fundamental role. Users should learn to distinguish official links from those promoted in forums or social networks, which are often compromised or fraudulent. Before connecting a wallet to an unknown site, creating a temporary wallet with no value is a smart precaution.

Finally, in case of victimization, users can cancel incomplete transactions, although this option remains limited in most situations. Prevention remains the most effective strategy against these sophisticated threats targeting the Web3 ecosystem.
