Crypto Drainer Malware Now Rentable for $100—Because Even Hackers Love a Side Hustle
Cybercriminals are slashing barriers to entry with a sinister SaaS model: Drainer-as-a-Service. For less than your monthly Netflix subscription, anyone can lease phishing kits that siphon crypto wallets—no coding skills required. The malware’s subscription pricing? A steal at $100 (or 0.003 BTC, if you prefer your crime with a side of volatility). Security firms report a 300% spike in drainer attacks since Q1—turns out, when you commoditize theft, demand skyrockets. Remember: in crypto, the only thing more decentralized than the ledger is the blame game when funds vanish.
Online Communities Turn Phishing Novices into Crypto Hackers
Aspiring scammers can join online communities where experienced criminals offer tutorials, transforming phishing novices into crypto drainers with ease.
Some DaaS groups have become so confident in their operations that they reportedly advertise openly—even setting up booths at industry events.
Demchuk highlighted CryptoGrab as one such example, noting that these activities often go unchecked in jurisdictions like Russia, where hacking is rarely prosecuted if it doesn’t target local or post-Soviet citizens.
The cybersecurity industry has long been aware of these regional protections.
Past reports revealed that many malware strains, including ransomware and information stealers like Typhon Reborn v2, are programmed to deactivate if they detect Russian or post-Soviet system settings.
DaaS operations thrive within phishing communities spread across clearnet forums, darknet sites, and Telegram groups.
Developers are frequently recruited through job postings in semi-open Telegram chats, often targeting Russian-speaking programmers to create scripts capable of draining Web3 wallets.
AMLBot’s investigators uncovered listings for malware targeting platforms like Hedera (HBAR), demonstrating how technical talent is actively sourced in niche online spaces.
The rise of drainers has led to significant financial losses. In 2024 alone, Scam Sniffer reported $494 million stolen through such schemes—a 67% increase from the previous year.
Earlier today a draining service phished $4.3M from an ALI holder
After seeing a message from @realScamSniffer I immediately alerted the CORE team and investors who helped put together an emergency community vote to burn the stolen tokens after approval from the victim.
Happy…
Cybersecurity firm Kaspersky also noted a sharp rise in darknet forums dedicated to drainer tools, growing from 55 in 2022 to 129 by 2024.
While Telegram once served as a haven for cybercriminals due to its strict privacy policies, concerns emerged after reports that the platform began sharing data with authorities.
This has driven many bad actors back to the Tor network, where anonymity is easier to maintain.
Crypto Lost $1.6 Billion to Hacks in Q1
In the first three months of 2025, the crypto ecosystem lost a whopping $1,635,933,800 across 39 incidents, according to the blockchain security platform Immunefi.
The report claimed, “Q1 2025 marks the worst quarter for hacks in the history of the crypto ecosystem.”
Most of that was the result of only two hacks of two centralized exchanges. Phemex suffered a $69.1 million loss in January, while Bybit lost $1.46 billion in February.
As a result, total losses in the first quarter mark a 4.7x increase compared to Q1 2024, when hackers and fraudsters stole $348,251,217.
Notably, experts assume that the infamous North Korean Lazarus Group is behind the two largest attacks, in which $1.52 billion, or 94% of total losses, was stolen.