What is a Wallet Drainer?


A wallet drainer is malicious software that exploits token approvals, signed messages, or compromised keys to transfer all assets from a victim's cryptocurrency wallet — typically through phishing sites, malicious dApps, or compromised legitimate applications.

WHY IT MATTERS

Wallet drainers are among the most common attack vectors against individual crypto users. Services like Inferno Drainer, Pink Drainer, and Angel Drainer provide drain-as-a-service toolkits that attackers deploy through phishing sites mimicking legitimate dApps. Victims connect their wallets and sign a malicious transaction or approval that hands their assets to the attacker.

The typical flow: victim visits a phishing site → connects wallet → signs a 'claim' or 'mint' transaction → the transaction is actually a transfer/approval that sends all tokens to the attacker. Sophisticated drainers batch multiple token transfers into a single transaction.

Agent wallets face automated drain risks. A compromised MCP tool, malicious contract interaction, or prompt injection could cause the agent to sign transactions that transfer all wallet contents. Without spending limits, a single malicious interaction can drain everything.

HOW POLICYLAYER USES THIS

PolicyLayer prevents wallet draining by enforcing per-transaction and cumulative spending limits. Even if an agent is tricked into signing a malicious transaction, the loss is bounded by the configured limits rather than by the wallet balance: the entire wallet can't be drained in one transaction, and repeated malicious transactions run into the cumulative cap.

FREQUENTLY ASKED QUESTIONS

How do wallet drainers work technically?
They exploit one of four mechanisms: token approvals (the victim is tricked into approving unlimited spending, after which the attacker calls transferFrom at leisure), signed messages (EIP-712 typed-data signatures that authorize a transfer or order, for example a marketplace listing at a near-zero price), direct transfers (the 'claim' or 'mint' transaction the victim signs is itself a transfer), or permit signatures (EIP-2612 permit and Permit2, which grant an allowance from an off-chain signature, so the victim never sees an approve transaction at all).
How do you protect agent wallets from drainers?
Per-transaction spending limits, cumulative budget caps, recipient allowlists, approval controls (no unlimited approvals), transaction simulation before signing, and monitoring for unusual transfer patterns.
How much do wallet drainers steal?
Hundreds of millions of dollars per year. Individual drains can exceed $1M. The December 2023 Ledger Connect Kit attack, in which a compromised npm package injected a drainer into every dApp that loaded it (supply chain → drain), affected multiple applications simultaneously. The threat is persistent and evolving.
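The drain flow described above (a 'claim' that is really an approval, followed by transfers to the attacker) and the protections listed in the FAQ can be put together as a pre-signing gate. The following is an added example written for this page, not PolicyLayer's or Intercept's code: it decodes the calldata of a proposed EVM transaction, flags the approval and transfer shapes drainers rely on, and enforces a per-transaction cap, a cumulative budget and recipient/spender allowlists. The function selectors are the standard ERC-20/ERC-721 values; every address, limit and amount is made up, and amounts are compared in one abstract unit (a real policy would price each asset). Off-chain permit and EIP-712 signature requests need the same gate applied at the signing request, which this example does not cover.

```javascript
// Added example, not PolicyLayer code: a pre-signing policy gate for an agent wallet.
// Selectors, addresses, limits and amounts below are constructed for the demo.

const MAX_UINT256 = (1n << 256n) - 1n;

// 4-byte selectors are the first 4 bytes of keccak256(signature); these are the
// standard ERC-20 / ERC-721 values, hardcoded so the example runs without a keccak library.
const SELECTORS = {
  '0x095ea7b3': { name: 'approve(address,uint256)', kind: 'approval' },
  '0x39509351': { name: 'increaseAllowance(address,uint256)', kind: 'approval' },
  '0xa22cb465': { name: 'setApprovalForAll(address,bool)', kind: 'approval-all' },
  '0xa9059cbb': { name: 'transfer(address,uint256)', kind: 'transfer' },
  '0x23b872dd': { name: 'transferFrom(address,address,uint256)', kind: 'transfer' },
};

// Minimal ABI helpers: static 32-byte words only, which is all the calls above use.
const pad = (hex) => hex.replace(/^0x/, '').padStart(64, '0');
const encodeCall = (selector, ...args) =>
  selector + args.map((a) => pad(typeof a === 'bigint' ? a.toString(16) : a)).join('');
function word(data, i) {
  const w = data.slice(10 + i * 64, 10 + (i + 1) * 64);
  if (w.length !== 64) throw new Error(`calldata too short for argument ${i}`);
  return w;
}
const toAddress = (w) => '0x' + w.slice(24);
const toUint = (w) => BigInt('0x' + w);

// Classify a transaction into the shapes a drainer uses: native value transfer,
// token transfer, allowance grant, or operator grant over a whole NFT collection.
function decodeCall(tx) {
  const data = (tx.data || '0x').toLowerCase();
  const value = BigInt(tx.value || 0);
  if (data === '0x') return { kind: 'native', to: tx.to.toLowerCase(), amount: value };
  const selector = data.slice(0, 10);
  const fn = SELECTORS[selector];
  if (!fn) return { kind: 'unknown', selector, amount: value };
  switch (fn.kind) {
    case 'approval':
      return { kind: fn.kind, name: fn.name, spender: toAddress(word(data, 0)), amount: toUint(word(data, 1)) };
    case 'approval-all':
      return { kind: fn.kind, name: fn.name, operator: toAddress(word(data, 0)), approved: toUint(word(data, 1)) === 1n };
    case 'transfer': {
      // transfer(to, amount) vs transferFrom(from, to, amount): recipient is the last address argument
      const off = selector === '0x23b872dd' ? 1 : 0;
      return { kind: fn.kind, name: fn.name, to: toAddress(word(data, off)), amount: toUint(word(data, off + 1)) };
    }
  }
}

// Stateful policy: per-transaction cap, cumulative budget, allowlists. An approval is
// charged at its full amount, because an allowance is a standing authorisation to
// move that much, not a one-off; an unlimited approval is refused outright.
function createPolicy({ perTxLimit, budget, allowedRecipients, allowedSpenders }) {
  let spent = 0n;
  const recipients = new Set(allowedRecipients.map((a) => a.toLowerCase()));
  const spenders = new Set(allowedSpenders.map((a) => a.toLowerCase()));
  return {
    evaluate(tx) {
      const call = decodeCall(tx);
      const reasons = [];
      if (call.kind === 'unknown') reasons.push(`unrecognised selector ${call.selector}; refuse to sign blind`);
      if (call.kind === 'approval') {
        if (call.amount === MAX_UINT256) reasons.push('unlimited approval');
        if (!spenders.has(call.spender)) reasons.push(`spender ${call.spender} not allowlisted`);
      }
      if (call.kind === 'approval-all' && call.approved) reasons.push(`setApprovalForAll hands every NFT to ${call.operator}`);
      if ((call.kind === 'transfer' || call.kind === 'native') && !recipients.has(call.to)) {
        reasons.push(`recipient ${call.to} not allowlisted`);
      }
      const outflow = call.amount ?? 0n; // revocations (setApprovalForAll=false) carry no amount
      if (outflow > perTxLimit) reasons.push(`outflow ${outflow} exceeds per-tx limit ${perTxLimit}`);
      if (spent + outflow > budget) reasons.push(`cumulative budget ${budget} would be exceeded`);
      if (reasons.length) return { allowed: false, call, reasons };
      spent += outflow; // only signed transactions consume budget
      return { allowed: true, call, spent };
    },
    get spent() { return spent; },
  };
}

// Constructed scenario: the drainer flow from the page against a 1,000-per-tx / 2,500-budget policy.
const AGENT = '0x1111111111111111111111111111111111111111';
const EXCHANGE = '0x2222222222222222222222222222222222222222';   // allowlisted recipient
const DEX_ROUTER = '0x3333333333333333333333333333333333333333'; // allowlisted spender
const TOKEN = '0x4444444444444444444444444444444444444444';
const ATTACKER = '0x' + 'bad0'.repeat(10);

function runScenario() {
  const policy = createPolicy({ perTxLimit: 1000n, budget: 2500n, allowedRecipients: [EXCHANGE], allowedSpenders: [DEX_ROUTER] });
  const txs = [
    { label: 'phish "claim": unlimited approve to attacker', to: TOKEN, data: encodeCall('0x095ea7b3', ATTACKER, MAX_UINT256) },
    { label: 'drainer: transfer whole balance',            to: TOKEN, data: encodeCall('0xa9059cbb', ATTACKER, 1_000_000n) },
    { label: 'drainer: setApprovalForAll on NFT contract', to: TOKEN, data: encodeCall('0xa22cb465', ATTACKER, 1n) },
    { label: 'legit: 900 to exchange',                     to: TOKEN, data: encodeCall('0xa9059cbb', EXCHANGE, 900n) },
    { label: 'legit: 900 to exchange',                     to: TOKEN, data: encodeCall('0xa9059cbb', EXCHANGE, 900n) },
    { label: 'legit but over budget: 900 to exchange',     to: TOKEN, data: encodeCall('0xa9059cbb', EXCHANGE, 900n) },
    { label: 'native value to attacker',                   to: ATTACKER, value: 500n, data: '0x' },
  ];
  return txs.map((tx) => ({ label: tx.label, ...policy.evaluate(tx) }));
}

for (const r of runScenario()) {
  console.log(r.allowed ? 'ALLOW' : 'BLOCK', r.label, r.allowed ? `spent=${r.spent}` : r.reasons.join('; '));
}
```

The gate blocks the first three drainer-shaped transactions on several independent grounds each (unlimited allowance, unknown spender or recipient, per-transaction cap), lets two legitimate transfers through, and then refuses a third legitimate-looking one because the cumulative budget would be exceeded, which is the property that stops a "slow drain" of many small transfers. Unknown selectors are refused rather than allowed by default, since a drainer's batching contract will not match any known signature.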

FURTHER READING

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept →