DaaS (Drainer-as-a-Service)

Drainer-as-a-Service (DaaS) is an illicit business model where operators develop and maintain wallet-draining toolkits and lease them to affiliates. It mirrors SaaS: subscription access or revenue-share, dashboards, documentation, updates, and support—repurposed for theft.

Real Example: Inferno Drainer operated from November 2022 to November 2023 as the most successful DaaS operation, stealing over $87 million from approximately 134,000 victims through 16,000 bogus domains and 689 phishing sites.

The service charged affiliates a 20-30% fee of stolen assets while providing high-quality phishing templates, hosting infrastructure, and customer support via Telegram channels. After publicly “retiring” in November 2023, Inferno resumed operations in May 2024, claiming total thefts exceeding $250 million and citing increased demand following competitor shutdowns like Pink Drainer.

Hackers roll out obfuscated scripts and smart contracts that, once users grant approvals, help the bad actors to discover their assets and transfer them to their own wallets. A network of criminal affiliates handle distribution, building counterfeit sites, offering fake mints or airdrops, brand impersonation—while backends offer build variants to evade blocklists, and guides for laundering across chains. Revenue splits commonly allocate a percentage of stolen assets to the toolkit provider. The model lowers technical barriers and scales campaigns across multiple ecosystems.

• Use a real-time Web3 security tool like Kerberus to proactively protect you against these insidious and highly sophisticated attacks.
• Treat unsolicited mints, claims, and “urgent” approvals as high-risk.
• Verify domains and social channels against official announcements.
• Limit approvals, routinely revoke unused ones, and segment funds across wallets.
• Educate teams on current phishing/distribution patterns.