Lesson 3 — Drainer attacks from a victim's view: what the signature you almost approved actually does
Wallet drainers don't break cryptography — they get you to sign something that authorises a transfer. Today: the mechanics, the signature types, and the moment to refuse.
Most catastrophic wallet drains involve no cryptographic break. The attacker doesn't have your seed, they don't have your private key, and they aren't 'hacking' your wallet in any technical sense. They are getting you to sign a single transaction or off-chain message that, in plain reading, authorises them to move tokens. This lesson exists to make you fluent enough in the signature you're about to approve that the trap closes on no one.
There are four signature types modern wallets present, and three of them are routinely weaponised. The first is an on-chain transaction — a state-changing call to a smart contract. You see the gas fee, the contract you're calling, and (in modern wallets) a decoded summary. The second is a token approval — a specific kind of on-chain transaction that grants a contract permission to move tokens on your behalf, often for unlimited amounts. The third is an EIP-712 typed signature — an off-chain message with structured data. The fourth is a personal_sign message — an unstructured off-chain message. Drainer attacks use approvals and EIP-712 signatures most heavily because they can be made to look innocent.
The Permit (EIP-2612) and Permit2 patterns are the most-exploited variants. Both let you authorise token transfers via off-chain signature instead of on-chain transaction — convenient because it saves gas, dangerous because the signature carries no transaction fee and no MetaMask 'are you sure?' urgency. A Permit signature, in plain reading, says 'this address can move up to N of my tokens until time T.' Drainers craft these signatures with unlimited amounts and far-future expirations. You sign, they immediately submit the signature to the chain, and the tokens move.
The setApprovalForAll pattern is the NFT-equivalent threat. Most NFT marketplaces and trading interfaces ask you to approve setApprovalForAll(operator, true) on your NFT collection once — after which the operator can transfer any NFT in that collection. Drainer sites that mimic real marketplaces request this approval against an attacker-controlled operator address. Once signed, every NFT in that collection is one transaction away from being moved.
Address-poisoning is the dust-attack variant that catches users who copy-paste from transaction history. The attacker sends you a zero-value (or one-wei) transfer from a vanity address that matches the first and last characters of an address you've genuinely used. The fake address appears in your wallet's 'recent activity.' On a later send, you copy what looks like your friend's address from history — except this time it's the attacker's. The funds go to them. Defence: never copy addresses from transaction history; always re-verify the full address against the original source.
What modern drainer kits do under the hood: a fake site convinces you to click 'connect wallet' and asks you to 'verify your wallet' by signing a message. The signed message is either a Permit (giving them unlimited spending on a specific token) or a setApprovalForAll (giving them every NFT of a specific collection). Within milliseconds of your signature, an automated drainer-as-a-service backend sweeps every approved asset to attacker-controlled addresses, often through privacy mixers in the same transaction batch.
The single most defensive habit is reading the signature payload. In MetaMask and most modern wallets, hovering or expanding the signature request shows the decoded EIP-712 fields. If you see 'spender' set to an unknown address, 'value' set to a number larger than what you intended to spend, or 'deadline' set decades in the future, that is the moment to cancel. Tools like Pocket Universe, Rabby's transaction simulator, and Tenderly's web simulator do this decoding automatically and flag known drainer patterns.
Example
A documented case from late 2024: a user reads a Twitter post about a 'verified Solana airdrop' for early Phantom wallet users. The site is a near-perfect clone of a real Phantom announcement page. They connect their wallet and click 'claim airdrop.' The wallet presents what looks like a routine permission request — the user, in a hurry and assuming this is just 'wallet connect', signs. The decoded message, had they expanded it, was a setAuthority transfer of all SPL token authorities from their wallet to an attacker-controlled address. Within four seconds the entire balance — about $42,000 in mixed SPL tokens — was moved to a drainer hot wallet, then split across three mixers within the same minute. No technical exploit was used. The user signed exactly what the protocol asked them to sign — they just didn't read what that was.
Common mistakes
- Treating signature requests as 'just connecting the wallet.' Every signature is a cryptographic authorisation; the act of signing is the attack surface.
- Hovering past EIP-712 decoded fields without reading them. The decoded payload is right there — the wallets put it there for exactly this reason.
- Believing 'I'd notice if it was suspicious.' Most successful drainer attacks succeed against users who would have noticed if they had paused for ten seconds.
- Approving setApprovalForAll for any NFT collection on any site you wouldn't trust with the entire collection.
- Copying addresses from wallet transaction history. Always re-verify against the original communication channel — a paste error here moves the funds, irreversibly.
- Connecting a wallet that holds long-term funds to any site you don't trust. Use a small 'hot wallet' with limited funds for interaction with sites you haven't verified.
Check your understanding
A site you found via a Twitter post asks you to 'verify your wallet' by signing a message. The signature request, when expanded, shows a Permit with `value: 2^256 - 1`, `spender: 0xa1B2...c3D4` (an address you don't recognise), and `deadline: 4102444800` (year 2100). What is happening?
Key terms covered
Sources & further reading
- PrimaryEIP-2612 — Permit extension for ERC-20
Specification of the off-chain signed approval primitive most heavily exploited by drainers.
- PrimaryEIP-712 — Typed structured data hashing and signing
The typed-signature format that all modern Permit and Permit2 signatures use.
- PrimaryUniswap — Permit2 documentation
Uniswap's universal-approval contract; the design and the broader exploitation surface.
- SecondaryChainalysis — 2024 report on wallet-drainer operations
Public reporting on drainer-as-a-service kits and operational patterns.
We prioritise primary sources. Where a topic moves quickly (regulation, security incidents), we re-check sources on the cadence shown by the page's "Next review" date.