Keeping your crypto investments safe will always be a concern for any avid investor. You want to know that your funds are secure from any possible threat. Unfortunately, as security features improve with technology, so do the threats.
Because technology is versatile, it provides us with improved security and cybercriminals like crypto drainers with improved methods of breaching that security. So, how do you prevent crypto wallet drainers from taking your funds? Let’s find out together.
What are Crypto Drainers
Crypto wallet drainers are individuals or entities that attempt to steal your funds from your crypto wallets. They use various methods like phishing attempts, malicious links, hacks, and bugs on blockchain platforms. The software for such drainers are often sold on Darknet Marketplaces and forums for a hefty price.
Crypto drainers can quickly drain all the funds from multiple wallets using smart contracts. With smart contracts, crypto drainers trick users into divulging their wallet details, and in one fell swoop, they clear their funds. Realistically, simply following some OpSec guidelines should keep you safe… But sometimes you’ll be outsmarted.
How Crypto Drainers Steal Your Funds
Crypto Wallet drainers use several methods to steal funds from unaware users. Below, you’ll find a few of the main ways in which scammers swindle crypto traders:
Your private keys are like the vault code to your account. Let a scammer get a hold of it, and they’ll have free reign with your account. Your private keys are the most vulnerable to crypto drainers when they have a connection to the internet. This includes software wallets.
While they offer a certain level of protection, they are susceptible to being hacked and stolen because they store your private keys online. There is only one solution for this issue: keeping your private keys stored safely offline in something like a hardware wallet.
Using Phishing Websites
Humans are visual buyers, so if scammers can lure us with a catchy ad or good-looking website, they’ve got us. Often, clicking on a malicious link can send you to a false website design for fishing.
You may receive prompts to download a folder or enter your personal information here. These are just tricks to give the hacker time and access to your device, which can put your private keys at risk.
Let’s be honest: some phishing sites look legitimate, and it can be difficult to tell the difference. But the best way to avoid this is by erring on the side of caution. Avoid suspicious sites and look for the SSL (site secure link) certification in the URL before you enter areas.
What better way to get into an individual’s account than to convince them to give you their details? If you’re signing a blockchain transaction, make sure you are signing with a legitimate organization. Check their details like site authority, history, and reviews. Doing your due diligence before a transaction with an unknown entity could save you a lot of cash.
The easiest way to check an entity’s legitimacy and authority is to see how many other sites confirm that site’s credibility. Check for reviews, suggestions, or warnings about the site before transacting with them.
Breaching Custodial Platforms
If your wallets are connected to a third-party application or custodial platform, you must give that entity permission to access and manage your funds. Here’s where the threat lies. Because you rely on a third party, you must trust that its security will keep your private keys safe from external threats.
If their system is hacked, then that compromises your private keys. You can avoid this altogether by using a self-custody wallet. Ledger offers these, which will help you monitor your funds personally.
Smart Contract Bugs
Finally, Crypto Drainers can use intelligent contract bugs embedded in blockchain platforms to steal your wallet details. While most trusted blockchain problems rarely have this issue, it’s still possible. You can avoid this by staying current with the latest blockchain news and trends. Blockchain platforms are also constantly vetting their systems for bugs, so they should quickly pick them up.
The business is booming, according to one chart; over $70 has made its way to those running crypto drainers in 2023.
Crypto Drainers to Look Out for
There are a few known Crypto Drainers out there that you should look for. Here are three of them:
Venom Crypto Drainers is relatively new and has recently stolen up to $27 million in crypto. That’s roughly 15,129 victims who have had their wallets cleared out. They currently have about 540 phishing sites and target more than 170 brands. They mainly use false websites and transaction requests to access their target’s assets. They often target NFT users by getting them to sign malicious listings which provide scammers access to their wallets.
Taylor Monahan discovered Pink by using their on-chain monitor bot. Using Discord to drop phishing links, this drainer has hacked over 7 Discord servers and stolen crypto from roughly 2,500 victims, with the total funds stolen being around $3 million. Blockchains affected include:
Inferno Drainer has also stolen a significant amount from crypto wallets. Stealing over $5 million from roughly 5,000 victims, Inferno specializes in multichain scams using phishing sites to steal funds and assets. With 600 phishing sites and 220 targeted brands, Inferno has stolen over $29 million worth of assets. Here are the blockchains that were most affected:
- BNB Chain
Tips to Avoid Your Crypto Being Stolen
It can be daunting to consider how easy it is for these crypto drainers to steal from others, but thankfully, there are ways in which you can avoid or at least lessen the likeliness of them targeting your accounts. Here are a few:
Never Expose your Private Keys
Your private keys are your most crucial asset regarding your crypto wallet. If it gets stolen or you lose it, there is no way of returning it. So, keeping it safe needs to be your top priority. Some of the best methods to protect your private keys include:
- Separating them.
- Storing them in different locations.
- Keeping them in a hardware wallet, and offline.
Segregate Your Assets
Ever heard the saying, “Don’t put all your eggs in one basket”? Well, it applies here. Avoid keeping all of your funds in one wallet. Yes, we know, this adds more admin to your plate and protects your assets. If one wallet gets hacked, then you at least still have the rest of your funds.
Generate your Recovery Phrase Offline
Keeping your recovery phase offline makes it impossible for hackers to get it. Most Ledger devices will allow you to generate your recovery phrases offline when you get them. You must keep this phrase offline always. This will give you complete control over the security of your wallet.
Avoid Google Ads for Crypto Services
Certain crypto drainers will use Google ads to drive traffic to their phishing sites. Avoid clicking on Google ads to go to these sites. Instead, take the time to look up the right crypto website and double-check its URL. These scammers often use site names that look the same as authoritative sites. This is how they catch you out.
Avoid Unidentifiable Links
This goes without saying, but if you come across an unidentifiable site link, don’t click on it. The chances of it being a malicious link are pretty high.
Enable Two-Factor Authentication
2FA is a great way to add an extra layer of protection to your wallets. By using 2FA, hackers will struggle to get into your purse without both passwords. Enabling 2FA is one of the first things you should do when you open a wallet.
Frequently Asked Questions
Yes, hardware wallets are safer than software wallets mainly because they store crypto offline, which makes them immune to hacking attempts.
If you suspect your wallet has been compromised, immediately change your passwords and revoke any suspicious access. Remove the funds if they are still there, and generate a new wallet and fresh Wallet ID. Never trust the one you feel could be compromised in any way.
Recovering stolen funds can be extremely difficult in cryptocurrency due to its pseudonymous nature. It’s essential to take preventive measures to avoid losing your funds in the first place.
Hey there, I’m a dark web geek who’s been around for the last 8 years. More precisely, I’m livedarknet’s senior content writer who’s been writing about darknet marketplaces, tutorials, and cybersecurity stuff for educational purposes.