Cryptocurrencies have gained immense popularity over the last few years, and many people have invested heavily in these digital assets. A Coinbase report states the market has strengthened after the recent upheavals in several US banks. As cryptocurrency adoption and investment rise, there has also been an increase in cybercrime related to them. "Wallet draining" is on the headlines as well-known personalities in the crypto industry have been victims of this scam. Wallet draining refers to the unauthorized transfer of cryptocurrency from one's digital wallet to another by hackers or scammers. This attack can be devastating for the victims, as they can lose all their holdings in a matter of seconds. This article will delve deeper into what wallet draining is, the most widely used methods, and how to protect yourself from falling victim to it.
What is wallet draining?
Wallet drainers or drainware use a malicious smart contract to transfer digital assets from a crypto owner’s wallet. Hackers use various techniques to gain unauthorized access to a victim's wallet, such as phishing scams, malware, or hacking into the exchange where the victim's wallet is hosted. Once they have gained access to the wallet, they transfer the victim's cryptocurrency to another wallet they control, effectively draining the victim's wallet of its assets. The process of wallet draining can happen very quickly, and victims often only realize they have been hacked after the damage has already been done.
Common ways drainware can infect your devices
1. A fake P2E (play-to-earn) game
A social media post or DM will ask you to test a new P2E game. Once you start playing, the drainware inside the fake game gets access to your wallet’s seed phrase and begins draining your wallet.
2. Phishing pages
Phishing pages imitate web pages of well-known providers of online services. NFT influencer NFT God wanted to download an open-source video streaming software. He clicked on a Google-sponsored ad instead of downloading it from the official website. NFT God inadvertently downloaded drainware together with the software he wanted, and he lost everything in his wallet.
3. Fake hardware wallets
Hackers usually target individuals who own hardware wallets. The individual receives a package that looks like their hardware wallet. It includes a note saying their current device is unsafe and they have to use the delivered one. The owner plugs the new device into a computer and inputs their recovery key. The drainware inside the device transmits the keys to the hackers, giving access to the owner’s funds.
4. Trading bots
Bots inside some crypto exchanges entice you by offering free coins. Drainware is introduced once you start the process of availing of the offer. Hackers steal your funds via a backdoor in the contract.
AirDrops are marketing tools used by developers of new crypto coins. They send crypto or NFTs for free. Not all airdrops are genuine. A scam airdrop will send “coins” to your wallet with drainware that will siphon your funds.
How to avoid being a victim of wallet drainers
Ensuring the safety of your crypto wallet and protecting your digital assets is of paramount importance in the volatile and risky crypto space, where hackers and scammers are always on the prowl. To mitigate the risk of falling victim to cybercrime, here are some guidelines that users can follow to enhance the security of their wallet usage.
Choose your wallet wisely. It is an essential decision for any cryptocurrency investor, as it determines the security and accessibility of their digital assets. The wrong choice of wallet can result in the loss or theft of cryptocurrency, while a wise one can provide security and peace of mind. Get a non-custodial one to have full control of your keys and coins, such as XMRWallet.com for Monero.
Write your private keys with pen and paper instead of taking a screenshot or saving them on your smartphone or computer. Do the same for seed phrases. Some crypto wallets have seed phrases that give you access to your wallet. Make several copies and secure them in different places, so you will have another copy in case you lose the first one. If you lose your private keys or seed phrases, you lose your coins.
Never share your private keys or seed phrases with anyone, especially those who claim they are verifying coin ownership or fund transfers. Legitimate players in the crypto space will never ask for your private keys or seed phrases.
Keep most of your funds in a cold storage wallet, which are offline devices that keep your assets away from online scams.
Considering the ever-evolving tactics of hackers, it is prudent to implement all standard measures of wallet protection when dealing with cryptocurrencies. Adopt best practices and maintain a high level of vigilance in securing your digital assets.