Wallet Drainer
Malicious code that empties wallets through deceptive signatures — one approval, everything gone.
A wallet drainer is a phishing kit that tricks you into signing transactions or token approvals that hand an attacker your assets — one deceptive “Claim,” “Verify” or “Mint” click can authorize unlimited transfers. Drainers are sold as a service, powering fake airdrop sites, cloned DApps, compromised project Discords and malicious ads above real search results.
Defense layers: bookmark real sites and never enter via links/ads or DMs; read what a signature actually grants (wallets increasingly simulate outcomes — heed the warnings); keep long-term holdings in a wallet that never touches DApps; and periodically revoke stale token approvals with a reputable revocation tool. Assume any unexpected signing request is hostile until proven otherwise.