Is that crypto site a wallet drainer? How NFT and DeFi scams steal everything
Crypto wallet drainer attacks are among the most technically sophisticated — and financially devastating — scams targeting cryptocurrency holders. Unlike most fraud, they operate without a lengthy social engineering phase: one click, one signature, one wrong approval, and your entire wallet can be emptied in seconds.
The most common attack vectors are a fake NFT mint page, a fraudulent DeFi yield platform, a phishing link disguised as a MetaMask update, or an airdrop claiming to be from a legitimate protocol. When you connect your wallet and sign the requested transaction, you are signing a token approval: a permission that grants the attacker unlimited spending rights over your tokens.
A second category involves seed phrase phishing: fake 'MetaMask support', 'Coinbase recovery', or 'wallet migration' pages instruct you to enter your 12- or 24-word recovery phrase 'to verify your wallet'. Entering your seed phrase hands over total, permanent control of your entire wallet.
🚩 Red flags to watch for
- Any website or service that asks for your seed phrase / recovery phrase / mnemonic words — this should never be entered anywhere except when initially setting up a hardware wallet.
- An unsolicited airdrop requiring you to connect your wallet and sign a transaction to 'claim' tokens.
- A new NFT project, DeFi platform, or token launch rushed out on social media with extreme urgency and a short claim window.
- Smart contract approval requests for amounts far exceeding what your transaction requires ('Approve unlimited spending of USDC').
- Links in Discord, Telegram, or Twitter DMs to 'exclusive mints', 'whitelist opportunities', or 'security updates' for your wallet software.
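The approval red flag above can be checked before signing by decoding the calldata of the pending transaction. The following is an added example, not part of the original page: it flags unlimited ERC-20 `approve` requests and, going beyond the page's USDC case, NFT `setApprovalForAll` grants. The function name, risk labels and sample spender address are constructed for illustration.

```javascript
// Added example (not from the original page): classify a pending transaction's
// calldata before signing. Selectors are the standard ERC-20/721/1155 ones.
const APPROVE = "095ea7b3";              // approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "a22cb465"; // setApprovalForAll(address,bool)
const MAX_UINT256 = (1n << 256n) - 1n;

// intendedAmount: what the user actually means to spend, in token base units.
function inspectApproval(calldata, intendedAmount = null) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = 8 + 128 hex characters
  if (!/^[0-9a-f]*$/.test(hex) || hex.length < 136) {
    return { kind: "other", risk: "unknown" };
  }
  const selector = hex.slice(0, 8);
  const word1 = hex.slice(8, 72);
  const word2 = hex.slice(72, 136);
  const spender = "0x" + word1.slice(24); // address = low 20 bytes of word 1

  if (selector === SET_APPROVAL_FOR_ALL) {
    // Grants the spender control of every NFT in the collection.
    const granted = BigInt("0x" + word2) !== 0n;
    return { kind: "setApprovalForAll", spender, granted, risk: granted ? "high" : "none" };
  }
  if (selector === APPROVE) {
    // Assumes an ERC-20 token; on ERC-721 the same selector approves one token ID.
    const amount = BigInt("0x" + word2);
    const unlimited = amount === MAX_UINT256;
    let risk = "review";                       // no intended amount to compare with
    if (amount === 0n) risk = "none";          // zero allowance is a revocation
    else if (unlimited) risk = "high";
    else if (intendedAmount !== null) {
      risk = amount > BigInt(intendedAmount) ? "high" : "low";
    }
    return { kind: "approve", spender, amount, unlimited, risk };
  }
  return { kind: "other", risk: "unknown" };
}

// Constructed sample calldata (the spender address is a placeholder, not a real contract).
const pad = (h) => h.padStart(64, "0");
const SAMPLE_SPENDER = "11".repeat(20);
const SAMPLE_UNLIMITED = "0x" + APPROVE + pad(SAMPLE_SPENDER) + "f".repeat(64);
const SAMPLE_EXACT = "0x" + APPROVE + pad(SAMPLE_SPENDER) + pad((50000000n).toString(16)); // 50 USDC (6 decimals)
const SAMPLE_NFT_ALL = "0x" + SET_APPROVAL_FOR_ALL + pad(SAMPLE_SPENDER) + pad("1");
```

A "high" result means the request grants more than the transaction needs; the `spender` field is the address to compare against the contract address published by the legitimate project.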
✅ What to do
1. Never enter your seed phrase anywhere on the internet, ever. Not for wallet recovery, MetaMask updates, airdrops, or any other reason. It is the master key to your entire wallet — anyone who has it owns everything in it.
2. Review and revoke unnecessary token approvals regularly at revoke.cash (Ethereum) or equivalent tools for other chains.
3. For significant holdings, use a hardware wallet (Ledger, Trezor). Hardware wallets require physical confirmation of every transaction, making remote drainer attacks impossible.
4. Before connecting your wallet to any new site, search the platform's name alongside 'scam' or 'wallet drainer'. Check whether it's the official contract address published by the legitimate project.
📣 Where to report (by country)
🇺🇸 United States
🇬🇧 United Kingdom
- Action Fraud
- Police Scotland — call 101
🇦🇺 Australia
🇨🇦 Canada
🌍 Everywhere else
- Contact your local police and your bank immediately
- If money was sent, ask your bank about a recall request — act within hours
Common questions
Can a scammer drain my wallet just by sending me an NFT?
Receiving an unsolicited NFT alone cannot drain your wallet. The risk comes from interacting with it — specifically, if the NFT's listing or associated site prompts you to 'claim' it and you sign a malicious transaction. Viewing an NFT in your wallet is safe; signing transactions in response to it is where the risk lies.
How do I check what token approvals I've already given?
Visit revoke.cash and connect your wallet to see all outstanding token approvals. Revoke any you don't recognise or no longer need. Doing a periodic review of your approvals is good security hygiene — unlimited approvals from old DeFi interactions are a persistent risk.