Drainer Contract Detection
How malicious contracts steal your funds and how to spot them before signing
What Are Drainer Contracts?
Drainer contracts are malicious smart contracts, and the sites that front them, designed to steal cryptocurrency and NFTs from users who interact with them. Unlike traditional phishing, which steals passwords, drainers abuse the transaction and message signing flow of Web3 wallets: your own key authorizes the theft.
When you "sign" a transaction or message in your wallet, you are authorizing an action on the blockchain. Drainers trick users into signing transactions that move their assets to the attacker's wallet, or that grant the attacker permission to move them later.
The sophistication of drainers has increased dramatically. Modern drainers can steal all tokens in a single transaction, bypass some wallet warnings, and even masquerade as legitimate protocol interactions.
How Drainers Steal Your Funds
Step 1: The Lure
Drainers need users to visit a malicious site and connect their wallet. Common lures include fake airdrops, NFT mints, DeFi protocols, and "claim your reward" pages.
Step 2: The Connection
Connecting your wallet reveals your address to the site. Balances are public on-chain, so the site can enumerate every token and NFT you hold; advanced drainers do exactly this and build the drain around your most valuable assets.
Step 3: The Approval Request
The drainer asks you to sign a transaction or message. It may be dressed up as a "claim" button, a "mint" action, or an innocuous "verify wallet" step.
Step 4: The Drain
Once you sign, the malicious action executes. Depending on what you approved, it may transfer specific tokens, grant the attacker an unlimited spending allowance (which the attacker then uses in a follow-up transaction of their own), or hand over NFTs.
The entire process takes seconds, and by the time you realize what happened, your assets are already in the attacker's wallet being swapped or bridged away.
Common Drainer Patterns
SetApprovalForAll (NFTs)
This ERC-721/ERC-1155 function makes an address an "operator" that may transfer every NFT you hold in that collection. Marketplaces use it legitimately; drainers abuse it to empty an entire collection in one later call.
Unlimited Token Approval
Approving a spender for an "unlimited" amount (typically the maximum uint256) lets that address pull the token from your wallet at any time, in a transaction it sends itself, long after the one you signed.
Permit/Permit2 Signatures
EIP-2612 permit and Uniswap's Permit2 let an allowance be granted by an off-chain signature instead of an approve() transaction. You pay no gas and nothing moves when you sign; the attacker later submits the signature on-chain and spends the allowance. Because the wallet shows an EIP-712 "sign message" prompt rather than a transaction, these are harder to recognize, and transaction simulation cannot flag them.
Direct Transfer Calls
Some drainers simply ask you to sign a transfer, transferFrom or safeTransferFrom of your own tokens to their address. Less sophisticated, but still effective against inattentive users.
Multi-call Bundles
Advanced drainers bundle several malicious actions into one transaction (via multicall-style contracts or batched calls), draining multiple assets simultaneously.
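The on-chain patterns above (setApprovalForAll, unlimited approve, direct transfers) are all visible in the calldata a site hands to your wallet. The following is an added example, not VerifyDrop's code or any wallet's built-in check: it decodes the calldata of an eth_sendTransaction request and classifies it. The function selectors are the standard ERC-20/ERC-721 ones; the risk thresholds (anything at or above 2^128 counts as "unlimited"), the helper names and the sample addresses are this example's own assumptions.

```javascript
// Added example (not VerifyDrop's code): decode an eth_sendTransaction request's
// calldata and classify it against the drainer patterns above. The selectors are
// the standard ERC-20/ERC-721 ones; the risk thresholds, helper names and sample
// addresses are this example's own.

const MAX_UINT256 = (1n << 256n) - 1n;
const UNLIMITED_THRESHOLD = 1n << 128n; // heuristic: no honest allowance needs this much

// First four bytes of keccak256(signature) for the functions drainers lean on.
const SELECTORS = {
  "095ea7b3": "approve(address,uint256)",
  "39509351": "increaseAllowance(address,uint256)",
  "a22cb465": "setApprovalForAll(address,bool)",
  "a9059cbb": "transfer(address,uint256)",
  "23b872dd": "transferFrom(address,address,uint256)",
  "42842e0e": "safeTransferFrom(address,address,uint256)",
  "b88d4fde": "safeTransferFrom(address,address,uint256,bytes)",
};

// Static ABI arguments are 32-byte words following the 4-byte selector.
function word(data, i) {
  const start = 8 + i * 64;
  if (data.length < start + 64) throw new Error("calldata too short for argument " + i);
  return data.slice(start, start + 64);
}
const asAddress = (w) => "0x" + w.slice(24); // address = low 20 bytes of the word
const asUint = (w) => BigInt("0x" + w);

// tx: { from, to, data } as the dapp hands it to the wallet.
// trustedSpenders: contracts the user knowingly deals with (a known marketplace, say).
// Returns { risk: "low" | "medium" | "high", reason, counterparty? }.
function classifyCalldata(tx, trustedSpenders = []) {
  const data = (tx.data || "0x").slice(2).toLowerCase();
  if (data.length < 8) return { risk: "low", reason: "no calldata: plain value transfer" };
  const selector = data.slice(0, 8);
  const sig = SELECTORS[selector];
  if (!sig) return { risk: "medium", reason: "unrecognised selector 0x" + selector + "; read the verified source" };
  const trusted = (a) => trustedSpenders.some((t) => t.toLowerCase() === a);
  switch (sig) {
    case "setApprovalForAll(address,bool)": {
      const operator = asAddress(word(data, 0));
      if (asUint(word(data, 1)) === 0n) return { risk: "low", reason: "revokes operator " + operator, counterparty: operator };
      return { risk: trusted(operator) ? "medium" : "high",
               reason: "makes " + operator + " an operator for every NFT you hold in " + tx.to, counterparty: operator };
    }
    case "approve(address,uint256)":
    case "increaseAllowance(address,uint256)": {
      const spender = asAddress(word(data, 0)), amount = asUint(word(data, 1));
      if (amount === 0n) return { risk: "low", reason: "revokes allowance for " + spender, counterparty: spender };
      const unlimited = amount >= UNLIMITED_THRESHOLD;
      if (unlimited && !trusted(spender)) return { risk: "high", reason: "unlimited allowance to " + spender, counterparty: spender };
      return { risk: unlimited || !trusted(spender) ? "medium" : "low",
               reason: "allowance of " + amount + " to " + spender, counterparty: spender };
    }
    case "transfer(address,uint256)": {
      const to = asAddress(word(data, 0));
      return { risk: trusted(to) ? "low" : "high", reason: "sends " + asUint(word(data, 1)) + " tokens straight to " + to, counterparty: to };
    }
    default: { // transferFrom / safeTransferFrom: (from, to, amount-or-tokenId, ...)
      const from = asAddress(word(data, 0)), to = asAddress(word(data, 1));
      const yours = from === tx.from.toLowerCase();
      return { risk: yours && !trusted(to) ? "high" : "medium",
               reason: "moves asset " + asUint(word(data, 2)) + " from " + from + " to " + to, counterparty: to };
    }
  }
}

// Constructed sample requests; the addresses are placeholders, not real accounts.
const USER = "0x1111111111111111111111111111111111111111";
const ATTACKER = "0x2222222222222222222222222222222222222222";
const COLLECTION = "0x3333333333333333333333333333333333333333";
const TOKEN = "0x4444444444444444444444444444444444444444";
const pad32 = (hex) => hex.replace(/^0x/, "").padStart(64, "0");

const SAMPLES = {
  // "Verify wallet" button that is really setApprovalForAll(attacker, true)
  nftDrain: { from: USER, to: COLLECTION, data: "0xa22cb465" + pad32(ATTACKER) + pad32("1") },
  // "Claim" button that is really approve(attacker, 2^256 - 1)
  unlimitedApprove: { from: USER, to: TOKEN, data: "0x095ea7b3" + pad32(ATTACKER) + pad32(MAX_UINT256.toString(16)) },
  // Cleanup afterwards: approve(attacker, 0)
  revoke: { from: USER, to: TOKEN, data: "0x095ea7b3" + pad32(ATTACKER) + pad32("0") },
  // A function our table does not know: only the verified source can tell you what it does
  unknown: { from: USER, to: COLLECTION, data: "0xdeadbeef" },
};

for (const [name, tx] of Object.entries(SAMPLES)) {
  const r = classifyCalldata(tx);
  console.log(name.padEnd(17), r.risk.padEnd(6), r.reason);
}
```

The decoder only handles statically encoded arguments, which is all these functions use; a multi-call bundle would need the inner calls unpacked and each one run through the same classifier. Passing the marketplace or router you actually meant to use as a trusted spender is what turns "unlimited approval" from a hard stop into a judgement call, which is exactly the decision the wallet prompt asks you to make.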
How to Detect Drainers
Use VerifyDrop Scanner
Before interacting with any new site or contract, paste the URL or contract address into our scanner. We maintain a database of known drainer contracts and patterns.
Read Transaction Details
Always expand the transaction details in your wallet. Look for:
- What function is being called
- What assets are being transferred
- What approvals are being granted, to which address, and for how much
Check Contract Verification
On block explorers such as Etherscan (for EVM chains), verified contracts publish source code that matches the deployed bytecode. An unverified contract exposes only bytecode, so you cannot read what it does; treat that as a major red flag. Verification is not proof of safety, though: an attacker can verify a drainer too, so read what the code does rather than stopping at the green check mark.
Monitor Permission Requests
Be especially suspicious of:
- setApprovalForAll requests
- Unlimited token approvals
- Permit signatures
- Transactions that don't match the expected action (a "mint" that calls approve, for example)
Use Transaction Simulation
Some wallets simulate transactions before execution. If the simulation shows unexpected token movements, don't proceed. Keep in mind what simulation cannot show: an approval or a permit signature moves nothing at signing time, so a clean simulation of an approve() call says nothing about what the spender will do with the allowance later.
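Permit and Permit2 requests arrive as eth_signTypedData_v4 messages, so neither the calldata view nor transaction simulation helps; the only defence is reading the typed data itself. The following is an added example, not VerifyDrop's code or any wallet's feature: it triages such a request by pulling out what the signature would actually authorise (token, spender, amount, expiry). The type names and field layouts follow EIP-2612 and Uniswap's Permit2, and the Permit2 address is its canonical deployment; the thresholds (2^128 as "unlimited", 30 days as "too long") and the sample addresses are this example's own assumptions.

```javascript
// Added example (not VerifyDrop's code): triage an eth_signTypedData_v4 request
// for the Permit / Permit2 patterns above. Type names and field layouts follow
// EIP-2612 and Uniswap's Permit2; thresholds and sample addresses are this
// example's own choices.

const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"; // canonical Permit2 deployment
const UNLIMITED = 1n << 128n;           // heuristic: no honest allowance needs this much
const THIRTY_DAYS = 30n * 24n * 3600n;  // heuristic: honest permits expire soon

// typedData: the payload (object or JSON string) the dapp asks the wallet to sign.
// opts.now: unix seconds as BigInt (defaults to wall clock); opts.trustedSpenders: contracts the user knows.
// Returns { risk, grants, findings }; grants is what the signature would authorise if submitted.
function triagePermitRequest(typedData, { now, trustedSpenders = [] } = {}) {
  const td = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  const m = td.message || {};
  const nowSec = now ?? BigInt(Math.floor(Date.now() / 1000));
  const trusted = (a) => trustedSpenders.some((t) => t.toLowerCase() === String(a).toLowerCase());
  const findings = [];
  let grants;

  if (td.primaryType === "Permit" && m.value !== undefined) {
    // EIP-2612: the token contract itself is the EIP-712 verifying contract
    grants = [{ token: td.domain.verifyingContract, spender: m.spender, amount: BigInt(m.value), deadline: BigInt(m.deadline) }];
  } else if (td.primaryType === "PermitSingle") {
    grants = [{ token: m.details.token, spender: m.spender, amount: BigInt(m.details.amount), deadline: BigInt(m.details.expiration) }];
  } else if (td.primaryType === "PermitBatch") {
    grants = m.details.map((d) => ({ token: d.token, spender: m.spender, amount: BigInt(d.amount), deadline: BigInt(d.expiration) }));
  } else {
    return { risk: "medium", grants: [], findings: ["unrecognised typed data '" + td.primaryType + "': read every field before signing"] };
  }

  let risk = "low";
  const raise = (level) => { if (level === "high" || risk === "low") risk = level; };

  // A Permit2-shaped message bound to some other contract is a forgery of the familiar prompt.
  if (td.primaryType !== "Permit" && String(td.domain.verifyingContract).toLowerCase() !== PERMIT2) {
    findings.push("Permit2-shaped message but verifyingContract is " + td.domain.verifyingContract + ", not Permit2");
    raise("high");
  }
  for (const g of grants) {
    const unlimited = g.amount >= UNLIMITED;
    if (!trusted(g.spender)) {
      findings.push("grants " + (unlimited ? "an unlimited" : "a " + g.amount) + " allowance on " + g.token + " to unknown spender " + g.spender);
      raise(unlimited ? "high" : "medium");
    }
    if (g.deadline - nowSec > THIRTY_DAYS) {
      findings.push("allowance on " + g.token + " stays valid until " + g.deadline + " (more than 30 days out)");
      raise("medium");
    }
  }
  return { risk, grants, findings };
}

// Constructed samples; addresses are placeholders, and the `types` section is omitted
// because triage only needs domain, primaryType and message.
const USER = "0x1111111111111111111111111111111111111111";
const ATTACKER = "0x2222222222222222222222222222222222222222";
const ROUTER = "0x3333333333333333333333333333333333333333";
const USDC_LIKE = "0x4444444444444444444444444444444444444444";
const WETH_LIKE = "0x5555555555555555555555555555555555555555";
const NOW = 1700000000n;

// A drainer's "verify wallet" prompt: one signature, every balance, valid for years.
const DRAIN_BATCH = {
  domain: { name: "Permit2", chainId: 1, verifyingContract: PERMIT2 },
  primaryType: "PermitBatch",
  message: {
    details: [USDC_LIKE, WETH_LIKE].map((token, i) => ({
      token, amount: "0xffffffffffffffffffffffffffffffffffffffff", /* uint160 max */
      expiration: "281474976710655", /* uint48 max */ nonce: String(i),
    })),
    spender: ATTACKER,
    sigDeadline: String(NOW + 3600n),
  },
};

// An honest EIP-2612 permit: exact amount, known router, ten-minute deadline.
const HONEST_PERMIT = {
  domain: { name: "USD Coin", version: "2", chainId: 1, verifyingContract: USDC_LIKE },
  primaryType: "Permit",
  message: { owner: USER, spender: ROUTER, value: "100000000", nonce: "7", deadline: String(NOW + 600n) },
};

for (const [name, td] of Object.entries({ DRAIN_BATCH, HONEST_PERMIT })) {
  const r = triagePermitRequest(td, { now: NOW, trustedSpenders: [ROUTER] });
  console.log(name.padEnd(14), r.risk.padEnd(6), r.findings.join(" | ") || "nothing unusual");
}
```

The point of listing `grants` rather than just a verdict is that a signature request has no simulation to fall back on: the spender, amount and expiry in the typed data are the entire contract you are agreeing to, and a wallet that shows them in those terms gives the user something to refuse.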
Protecting Yourself
Use Burner Wallets
For interacting with unverified sites, use a wallet holding only what you are prepared to lose. Even if it gets drained, your main holdings are safe.
Revoke Old Approvals
Regularly audit and revoke token approvals you no longer need. Sites like revoke.cash help manage this. Revoking is itself an on-chain transaction (an approve() for zero, or setApprovalForAll with false), and it does nothing for assets that have already been taken, so it is hygiene, not a recovery tool.
Enable Wallet Protections
Modern wallets have built-in drainer detection. Make sure these features are enabled and keep your wallet updated.
Don't Rush
Scammers create urgency ("Only 100 left!", "Claim expires in 10 minutes!"). A legitimate airdrop rarely requires instant action, and one that does is not worth the risk.
Verify Everything
Triple-check URLs, contract addresses, and transaction details. One wrong character can lead to a drainer.
Safety Checklist
- Using a burner wallet for new/unverified sites
- Transaction details match expected action
- Contract is verified on block explorer
- No unlimited approval requests
- URL matches official project exactly
- No pressure or artificial urgency
- Wallet protections are enabled
- Checked VerifyDrop scanner first