The biggest single cause of crypto losses isn't smart-contract bugs — it's people being tricked into signing a malicious transaction themselves. This is phishing, and it deserves real attention.
How a wallet drainer works
A drainer is a malicious script behind a fake or compromised website. It doesn't "hack" your wallet; it gets you to authorize it. You land on a convincing page — a fake DEX, a "claim your airdrop" site, a counterfeit mint — connect your wallet, and are prompted to sign something. That signature grants an approval or transfers assets, and the drainer sweeps your funds in seconds.
A real, industrial example
The Inferno Drainer showed how organized this has become. It was active from late 2022 into 2023, and security researchers (Group-IB and Scam Sniffer) tied it to over $80 million stolen from tens of thousands of victims, via more than 16,000 phishing domains that imitated 100+ crypto brands. It was sold as "scam-as-a-service", taking a cut of whatever its affiliates stole. This is a professional industry, not a lone hacker.
How to stay safe
- Bookmark official sites and use the bookmarks — never reach a DEX through a search ad, DM or social link. Ads impersonating real sites are a top entry point.
- Read every signature request. Your wallet shows what you're approving; if a "simple" action wants to move tokens or grant a broad approval, stop.
- Be hostile to urgency. "Claim now", "limited time", "your wallet is at risk" are manufactured pressure.
- Never enter your seed phrase anywhere — no legitimate site asks (Lesson 8).
- Use a separate wallet for risky interactions, so a mistake can't touch your main holdings (Lesson 38).
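To make "read every signature request" concrete, here is an added example (not part of the original lesson) that decodes raw EVM transaction calldata and flags broad approvals and direct token moves. The function name `reviewCalldata`, the risk labels and the sample spender address are assumptions made for illustration; the selectors are the standard ERC-20/ERC-721/ERC-1155 ones.

```javascript
// Added example: classify raw EVM calldata before signing.
// Standard ERC-20 / ERC-721 / ERC-1155 function selectors (first 4 bytes).
const SELECTORS = {
  "095ea7b3": "approve",           // approve(address,uint256)
  "39509351": "increaseAllowance", // increaseAllowance(address,uint256)
  "a22cb465": "setApprovalForAll", // setApprovalForAll(address,bool)
  "a9059cbb": "transfer",          // transfer(address,uint256)
  "23b872dd": "transferFrom",      // transferFrom(address,address,uint256)
};
const MAX_UINT256 = (1n << 256n) - 1n;
const word = (args, i) => args.slice(i * 64, (i + 1) * 64); // i-th 32-byte argument
const asAddress = (w) => "0x" + w.slice(24);                // low 20 bytes of a word
const asUint = (w) => BigInt("0x" + w);

// Hypothetical helper: returns { name, party, risk, reason } for one calldata string.
function reviewCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{8,}$/.test(hex)) return { risk: "unknown", reason: "not valid calldata" };
  const name = SELECTORS[hex.slice(0, 8)];
  if (!name) return { risk: "unknown", reason: "unrecognised function, do not blind-sign" };
  const args = hex.slice(8);
  const needed = name === "transferFrom" ? 3 : 2;
  if (args.length < needed * 64) return { name, risk: "unknown", reason: "truncated arguments" };

  if (name === "setApprovalForAll") {
    const on = asUint(word(args, 1)) !== 0n;
    return { name, party: asAddress(word(args, 0)), risk: on ? "high" : "low",
      reason: on ? "operator may move every token in this collection" : "revokes operator access" };
  }
  if (name === "approve" || name === "increaseAllowance") {
    const amount = asUint(word(args, 1));
    const party = asAddress(word(args, 0));
    if (name === "approve" && amount === 0n) return { name, party, risk: "low", reason: "revokes allowance" };
    return amount === MAX_UINT256
      ? { name, party, risk: "high", reason: "unlimited allowance for spender" }
      : { name, party, risk: "medium", reason: `spender may take up to ${amount} base units` };
  }
  // transfer / transferFrom: the recipient is the last address argument.
  const to = asAddress(word(args, name === "transferFrom" ? 1 : 0));
  return { name, party: to, risk: "medium", reason: "moves tokens directly to party" };
}

// Constructed sample: an unlimited approve() to a made-up spender address.
const SPENDER = "11".repeat(20);
const SAMPLE = "0x095ea7b3" + SPENDER.padStart(64, "0") + "f".repeat(64);
console.log(reviewCalldata(SAMPLE));
```

A "high" or "unknown" result on a page that promised a simple claim or mint is the cue to stop and not sign.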
If you suspect a drainer
Disconnect, don't sign anything else, and move remaining funds to a fresh wallet. Then revoke any approvals you granted to the site (Lesson 26). Speed matters, but prevention — bookmarks and read-before-you-sign — is what actually keeps you safe.
- Clicking a DEX from a search ad or DM rather than a saved bookmark.
- Blind-signing a wallet pop-up without reading what it authorizes.
- Reacting to 'urgent' claim or security warnings instead of slowing down.