Wallet Drainer: The Latest Scam in Crypto and How to Shield Yourself

Ankita Verma

May 3, 2024

In our recent journey with the Persona Ad Network, we encountered our first scam scare, highlighting the need for tighter security measures. Learning from the incident, we delved into the intricate workings of crypto draining scams, shedding light on how scammers operate through fake campaigns and deceptive websites. To fortify our network, we implemented rigorous KYB verification, manual reviews, and automated screening protocols, emphasizing the importance of staying vigilant and educated in navigating the crypto landscape.

After running the Persona Ad Network for almost 10 months now, we had our first scam scare. It came from someone who posed as a legitimate business owner for more than two weeks. Thanks to community and partner support, we were able to detect and remove the ads ASAP, but it got the team thinking: how do we tighten the screws on our ad network and keep it foolproof? So, in this edition of "Proof of Growth," I'm sharing what we learned because, well, real growth means dodging those scammy speed bumps.

Phishing Ad that went live with Persona and was brought down ASAP!
My tweet as soon as the scam was detected!

“Crypto Draining” = Scam-As-A-Service

Wallet Draining is a form of malware, designed to deplete crypto wallets by transferring assets to the attacker's wallet. These threats take various forms, including malicious scripts, smart contracts, and phishing attacks, often facilitated by scam-as-a-service platforms.

Yes, you read it right. Wallet draining is organized crime offered as a “service” to malicious individuals or organizations. Well, that’s giving a whole new meaning to SaaS!

The most notorious SaaS wallet drainers, such as Angel, Pink, Monkey, and Inferno, have caused substantial financial losses in the industry. Most of these drainers sell their services through Telegram and operate on a SaaS model, charging a fixed fee plus 5-30% of the stolen amount.

Toolkits offered by “Angel” drainer to steal your crypto

We've talked about crypto drainers as a service, but how exactly do these organized criminals pull off their schemes?

How Crypto Drainers Work

Stage 1: Launch of a Malicious Campaign

Perpetrators initiate fake airdrop or phishing campaigns, often leveraging social media, email, or paid advertising channels to entice unsuspecting users with promises of free tokens. These operations exhibit disturbing levels of sophistication, employing deceptive tactics like counterfeit airdrops, NFT minting opportunities, and compromised social media profiles.

These fraudulent activities generate traffic through various means:

  • Hacking Attacks: Exploiting vulnerabilities in official project Discord and Twitter accounts, or attacking project frontends and libraries.
  • Organic Traffic: Leveraging airdrops of NFTs or tokens, seizing expired Discord links, and inundating Twitter with spam mentions and comments.
  • Paid Traffic: Utilizing Google search ads, Twitter ads, and advertisements on diverse web3 platforms via ad networks.

Google search ads with links to scam websites containing crypto drainers

Stage 2: Create a Deceptive Website

Here's where things get even trickier. These imposters create fake phishing websites and use every trick in the book to look legit, mimicking real platforms with similar URLs and landing pages. It’s easy to miss if you aren't paying close attention.

So, what are the red flags to watch out for? 🚩🚩🚩

  • Airdrop promises and guaranteed NFTs, often too good to be true: Sites offering a never-ending stream of "exclusive," "first-ever," or "biggest" airdrops? Real airdrops don't come with such dramatic headlines.
  • The same goes for promises of free NFT mints with guaranteed rewards. Remember, there's no such thing as a free lunch.
  • Website Mimicry: These tricksters create replicas of real platforms, complete with similar URLs and landing pages. Always double-check the address before you connect your wallet!

hxxps://pandaverse-mint.ml/

Here’s the real website for comparison - https://amazingpandaverse.io/

The website solanareward.com is a phishing site that looks like Solana's official site. It offers free Solana tokens to trick users.

Stage 3: Wallet Connection and Interaction with Smart Contracts

The scammers are after one thing: your crypto wallet. They'll trick you into connecting your wallet to their website, setting the stage for the final attack.

Phishing website solanareward.com prompts users directly to connect their wallet

Once you click on the “Connect wallet” button, they'll try to convince you to interact with a malicious smart contract. These contracts are designed to look legit, often disguised as steps to claim your airdrop or mint your NFT.

Commonly used “Increase Allowance” signature method used for draining tokens from the wallet

Commonly used “Uniswap Permit2 Permit” signature method used for draining tokens from the wallet

Other common phishing signatures

Different types of assets are targeted with different phishing signature methods; the assets held in the victim’s wallet determine which malicious signature request the site initiates.
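To make the “Increase Allowance”-style signatures above concrete, here is an added example (not code from the original post or from Persona) that decodes the calldata behind such a request and flags what it really authorizes: an unlimited allowance, an unknown spender, or an operator approval over a whole NFT collection. The selectors are the standard keccak256-derived ERC-20/ERC-721 ones; the trusted-spender list and the sample calldata are constructed for illustration.

```python
# Added example: inspect an approval request before signing it.
# 4-byte function selectors (first 4 bytes of keccak256 of the signature).
SELECTORS = {
    "095ea7b3": ("approve", ("address", "uint256")),
    "39509351": ("increaseAllowance", ("address", "uint256")),
    "a22cb465": ("setApprovalForAll", ("address", "bool")),
    "a9059cbb": ("transfer", ("address", "uint256")),
}
UNLIMITED = 2**256 - 1   # the "max uint" allowance drainers usually ask for


def decode_word(kind, word_hex):
    """Decode one 32-byte ABI word of a static type (address, bool, uint256)."""
    if kind == "address":
        return "0x" + word_hex[-40:]          # address is right-aligned in the word
    if kind == "bool":
        return int(word_hex, 16) != 0
    return int(word_hex, 16)


def decode_approval(calldata, trusted_spenders=()):
    """Return the decoded call plus the risk flags a reviewer should see."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) < 8 or (len(data) - 8) % 64:
        raise ValueError("malformed calldata")
    name, types = SELECTORS.get(data[:8], ("unknown", ()))
    words = [data[i:i + 64] for i in range(8, len(data), 64)]
    if len(words) < len(types):
        raise ValueError("truncated arguments")
    args = [decode_word(t, w) for t, w in zip(types, words)]
    flags = []
    trusted = {s.lower() for s in trusted_spenders}
    if name == "unknown":
        flags.append("unrecognised selector")
    elif name in ("approve", "increaseAllowance"):
        spender, amount = args
        if amount == UNLIMITED:
            flags.append("unlimited allowance")
        if spender.lower() not in trusted:
            flags.append("spender not in trusted list")
    elif name == "setApprovalForAll" and args[1]:
        flags.append("operator approval for every NFT in the collection")
    return {"function": name, "args": args, "flags": flags}


if __name__ == "__main__":
    # Constructed sample: approve(0x1111..., max uint256), a typical drainer request.
    sample = "0x095ea7b3" + "0" * 24 + "11" * 20 + "f" * 64
    print(decode_approval(sample))
```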

Can your wallet be drained by just connecting your wallet?

Just connecting your wallet usually won't drain your funds, but some sites might ask you to "sign a message" – that's a red flag!

Our team at Persona looked into a few of these cases where people posted on Twitter saying that they connected their wallet to a malicious website and got immediately drained.

In every case, once we dug into the details, we found that they had signed a contract. It was not a case of just connecting a wallet and being immediately drained. You would be surprised how many victims confuse the two, especially since it is common for sites to ask users to sign a message with their wallet to log in, which many victims conflate with connecting their wallet.

This is why it's so problematic from a security standpoint for dapps to ask users to log in by signing a message with their private key. It conditions users into thinking it's normal to sign things within the first few seconds of landing on a new site.

Stage 4: Asset Transfer!

If you fall victim to this stage, you've unknowingly granted the attacker access to your crypto. They'll make a swift getaway with your funds, using sneaky tactics like mixers and multiple transfers to cover their tracks. Once your assets are gone, they're as good as vanished.

What the request to sign the “contract” looked like (left), and what actually happened after the transaction was approved (right)

More detailed analysis of asset transfer transactions:

  • https://research.checkpoint.com/2023/the-rising-threat-of-phishing-attacks-with-crypto-drainers/
  • https://threadreaderapp.com/thread/1625575810823294976.html

How to Stay Safe: A User's Guide

  • Beware Free Token Giveaways: Develop a healthy fear of free tokens and NFT giveaways. If it sounds too good to be true, it probably is.
  • Verify Token Information: Only trust official websites for token information. CoinMarketCap is your friend!
  • Scrutinize Website Age: Check a website's age using a tool like Whois. If it's less than six months old, steer clear!

The domain solanareward.com, flagged in one of our campaigns, was found to be registered in the same month, signaling a significant red flag.

  • Double-check Social Media: Double-check the official website and social media of the token advertised on the suspicious site. Contact their representatives if you're unsure.
  • Protect Your Private Keys: Never share your private keys or seed phrases. These are the keys to your crypto kingdom, guard them well!
  • Investigate Smart Contracts: Before interacting with any smart contract, verify its legitimacy using block explorers like Etherscan or BSCscan.
  • Grant Permissions Cautiously: Be cautious about granting wallet permissions, especially if they seem excessive.
  • Prioritize Organic Search: Avoid sponsored links in search results. Stick to the organic ones – they're less likely to be booby-trapped.
  • Review Transaction Details:  Review every transaction detail carefully. Companion browser extensions can also help identify
  • Take Back Control of Your Wallet: If you notice any suspicious transactions in your wallet, act quickly to revoke approvals. You can do this easily on platforms like Revoke (https://revoke.cash/)
  • Scam Alert Solutions: Consider installing solutions like Scam Sniffer (https://www.scamsniffer.io/) and Aegis Web3 (https://www.aegisweb3.com/) for an extra layer of protection.

Now, onto wallet practices:

Diversify, my friends. Don’t keep all your crypto in one basket. Spread it out, keep some in hot wallets for day trading, and keep your profits safe and sound in cold wallets.

Steps We Take at Persona

As an ad network, Persona takes security seriously. Here's how we fight back against these crypto-phishing scams:

  • Preventative Measures:
    • KYB Verification: We require Know Your Business (KYB) procedures for all advertisers. This in-depth verification process, including background checks, significantly reduces the risk of fake advertisers using our platform.
    • Manual Reviews: Every campaign goes through a manual review process. We analyze the entire ad funnel using our test wallets, closely monitor all the signature methods, and validate the smart contract interactions on connecting the wallet.
    • Automated Screening Protocols:
      • Domain Age Checks: Our system automatically checks the age of domains hosting advertised websites. New domains (less than a month old) are red flags and get flagged for further review.
      • Blacklist Matching: We integrate with major blacklists of known scam URLs and domains.
      • Static URL Policy: We only allow static URLs to prevent shady redirects.
      • Ongoing Monitoring: We scrutinize all redirect URLs at regular intervals to identify any malicious scripts in operation.
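As an added illustration of the automated screening protocols above (example code, not Persona's own system), this function runs a landing URL through the domain-age check, blacklist matching and static-URL policy and returns the flags raised. The blacklist entries are the two scam domains mentioned in this post, the 30-day threshold follows the "less than a month" rule, and the redirect-parameter names are an assumed starter list.

```python
# Added example: screen an advertiser's landing URL before a campaign goes live.
from datetime import date
from urllib.parse import urlparse, parse_qs

# Constructed sample blacklist (domains named in this post), not a live feed.
SCAM_DOMAINS = {"solanareward.com", "pandaverse-mint.ml"}
# Assumed starter list of query keys that commonly carry a redirect target.
REDIRECT_PARAMS = {"url", "redirect", "redirect_uri", "next", "goto", "return", "dest"}
MAX_NEW_DOMAIN_DAYS = 30   # "less than a month old" goes to manual review


def registrable_domain(host):
    """Naive eTLD+1: keep the last two labels (fine for .com/.io/.ml, not co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def screen_landing_url(url, registered_on, today, blacklist=SCAM_DOMAINS):
    """Return the screening flags raised for one landing URL.

    registered_on is the WHOIS creation date, looked up separately so this
    function itself stays offline and testable.
    """
    flags = []
    parsed = urlparse(url)
    host = parsed.hostname or ""
    domain = registrable_domain(host)
    if parsed.scheme != "https":
        flags.append("not https")
    # Domain age check.
    age_days = (today - registered_on).days
    if age_days < MAX_NEW_DOMAIN_DAYS:
        flags.append(f"domain registered {age_days} days ago")
    # Blacklist matching on the registrable domain, so subdomains match too.
    if domain in blacklist:
        flags.append("domain on scam blacklist")
    # Static URL policy: reject query parameters that carry another URL.
    for key, values in parse_qs(parsed.query).items():
        carries_url = any(v.startswith(("http://", "https://")) for v in values)
        if key.lower() in REDIRECT_PARAMS or carries_url:
            flags.append(f"redirect parameter '{key}'")
    return flags


if __name__ == "__main__":
    # Constructed dates: domain registered 12 Apr 2024, screened on 3 May 2024.
    print(screen_landing_url("https://solanareward.com/claim", date(2024, 4, 12), date(2024, 5, 3)))
```

Anything that returns a non-empty list is held for the manual review step rather than rejected outright, since a young domain on its own is a signal, not proof.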

Parting Thoughts

As we wrap up, here are some key takeaways for keeping your crypto safe:

Stay Vigilant, Stay Safe: Trust your instincts and stay vigilant. If something feels off, it probably is.

Knowledge is Power: Educate yourself about the latest scams. The more you know, the better equipped you are to protect yourself.

Community is key: Lean on your crypto community for support and share any suspicious activity. Together, we’re stronger.

Adapt: Keep up with evolving security measures to outsmart scammers.

Trust, but Verify: Double-check the legitimacy of offers and platforms before diving in.

Fearless, Not Reckless: Take calculated risks, but always proceed with caution.

That brings me to the end of this piece. With awareness and caution, you can navigate the crypto landscape safely. Stay sharp, stay informed, and let’s build a safer crypto world together! I’ll see you - until next time ⛑🔐
