Ledger Wallet™ just got a major upgrade.

Take control today

A whole new level of choice, clarity and control

Trade different via Ledger 4.0

Download now Learn more

Drainer as a Service (DaaS)

Dec 16, 2025 | Updated Dec 16, 2025
Drainer as a Service (DaaS) is a malicious business model where hackers rent out wallet-draining code to would-be cybercriminals in exchange for a percentage of the stolen funds.

What Is Drainer as a Service?

In the past, running a crypto scam required significant technical skill. A hacker had to write their own malicious code to exploit smart contracts. Unfortunately, the emergence of Drainer as a Service (DaaS) has made this process accessible to any bad actors willing to pay for it, regardless of technical ability.

DaaS providers create ready-to-use “phishing kits” that include everything a scammer needs: fake websites, malicious scripts, and a dashboard to track victims. They then sell these kits to less-skilled criminals via the dark web or in private group chats. While some scammers may charge an upfront fee for the service, others simply take a cut of all the assets stolen using their tool.

This model lowers the barrier to entry for cybercrime, leading to a surge in phishing attacks across the crypto ecosystem.

How Do Crypto Wallet Drainers Work?

Crypto drainers are designed to trick users into signing malicious transactions. That is to say that they “hack” the user using various forms of social engineering in order to trick them into surrendering their assets or downloading malware.

  1. The attacker sets up a fake website, often mimicking a well-known platform or protocol. They then promote this site via spam emails, hacked social media accounts, or direct messaging potential victims on social media.
  2. When a victim connects their wallet to the fake site, the drainer script scans their wallet to see which assets (tokens, NFTs) are most valuable.
  3. The site prompts the user to sign a transaction. This might be disguised as a “Claim,” “Mint,” or “Verify” button.
  4. The transaction is actually a malicious smart contract function. Once signed, it grants the attacker permission to move assets out of the victim’s wallet. The script automatically transfers the funds to the scammer and the DaaS provider.

For more on smart contract scams and how to spot them, read our article on Ledger Academy.

Return On Investment (ROI)

ROI, or Return on Investment, is a financial metric used by investors to assess the profitability and performance of an investment by measuring the profit relative to its initial cost,

Full definition

Year To Date

Year to date (YTD) is the measurement of an asset’s performance beginning from the start of the calendar or fiscal year to the present date.

Full definition

Orphan Block

An orphan block (orphan) is a valid block that does not have a parent block and is not included in the main blockchain.

Full definition

Own your crypto future

Stay informed with security tips, updates, and exclusive offers from Ledger

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time. Learn more

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.