TL;DR
A wallet drainer is a malicious website or smart contract designed to steal all tokens and NFTs from a user’s wallet by tricking them into signing harmful transactions.
Drainer sites impersonate legitimate projects (fake airdrops, mint pages, or DeFi apps). When you connect your wallet and sign what looks like a normal transaction, you’re actually signing a transaction that transfers your tokens, NFTs, and SOL to the attacker’s wallet. Modern drainers are sophisticated — they scan your wallet contents and construct a transaction that steals everything of value in a single click.
Common ways users end up on a drainer site:
- Phishing links in Discord, Twitter DMs, or fake airdrop announcements.
- Compromised project websites or DNS hijacking of legitimate domains.
- Fake token-approval sites that claim you need to "revoke" something.
- Google ads for fake versions of popular dApps.
- Malicious NFTs sent to your wallet with drainer site URLs in the metadata.
- Even fake Phantom wallet update pages.
How to protect yourself:
- Use a burner wallet for interacting with unknown sites.
- Never sign transactions you don't understand.
- Use Phantom's transaction simulation to see what a transaction actually does before signing.
- Bookmark legitimate dApp URLs and never click links from DMs or ads.
- Keep your main holdings in a hardware wallet.
- Consider using Blowfish or similar transaction screening tools.
- If you suspect you've visited a drainer, revoke all token approvals immediately.
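The following is an added example, not code from the original page or from Phantom or Blowfish. It shows the kind of check a wallet's transaction simulation or a screening tool performs on a compiled Solana message before you sign: decode each instruction, work out which SOL and SPL tokens would leave your control, and flag approvals and authority changes (the pattern a drainer uses to take everything in one click, as described above). The System Program and SPL Token instruction encodings are the real ones; the message layout is a simplified stand-in for Solana's compiled message (account key table plus instructions referencing keys by index), and all wallet addresses and sample transactions are constructed placeholders. The set of token accounts the wallet owns is passed in directly; a real wallet would resolve it from chain state.

```python
"""Offline screening of a Solana message for wallet-drainer patterns (added example)."""
import struct
from dataclasses import dataclass

SYSTEM_PROGRAM = "11111111111111111111111111111111"
TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"

SYSTEM_TRANSFER = 2                                             # u32 LE discriminant
TOKEN_TRANSFER, TOKEN_APPROVE, TOKEN_SET_AUTHORITY = 3, 4, 6    # u8 discriminants
TOKEN_CLOSE_ACCOUNT, TOKEN_TRANSFER_CHECKED, TOKEN_APPROVE_CHECKED = 9, 12, 13
AUTHORITY_TYPES = {0: "MintTokens", 1: "FreezeAccount", 2: "AccountOwner", 3: "CloseAccount"}


@dataclass
class Instruction:
    program_id_index: int     # index into Message.account_keys
    account_indexes: list     # indexes into Message.account_keys
    data: bytes


@dataclass
class Message:
    account_keys: list        # pubkeys; index 0 is the fee payer / signer
    instructions: list


@dataclass
class Finding:
    severity: str             # "warn": value leaves now; "high": control is handed over
    kind: str
    detail: str


def screen_message(msg, wallet, own_token_accounts):
    """Return findings for every instruction that moves assets out of, or grants
    control over, the user's wallet or token accounts. Destinations inside the
    user's own accounts are not reported."""
    trusted = {wallet} | set(own_token_accounts)
    findings = []
    for ix in msg.instructions:
        program = msg.account_keys[ix.program_id_index]
        accts = [msg.account_keys[i] for i in ix.account_indexes]
        d = ix.data
        if program == SYSTEM_PROGRAM and len(d) >= 12:
            # System Transfer: accounts [from, to], data u32 discriminant + u64 lamports
            disc, lamports = struct.unpack_from("<IQ", d, 0)
            if disc == SYSTEM_TRANSFER and accts[0] == wallet and accts[1] not in trusted:
                findings.append(Finding("warn", "sol_outflow",
                                        f"{lamports / 1e9:.4f} SOL -> {accts[1]}"))
        elif program == TOKEN_PROGRAM and d:
            disc = d[0]
            if disc in (TOKEN_TRANSFER, TOKEN_TRANSFER_CHECKED):
                # Transfer: [source, dest, authority]; TransferChecked: [source, mint, dest, authority]
                dest = accts[1] if disc == TOKEN_TRANSFER else accts[2]
                (amount,) = struct.unpack_from("<Q", d, 1)
                if accts[0] in own_token_accounts and dest not in trusted:
                    findings.append(Finding("warn", "token_outflow",
                                            f"{amount} units {accts[0]} -> {dest}"))
            elif disc in (TOKEN_APPROVE, TOKEN_APPROVE_CHECKED):
                # Approve: [source, delegate, owner]; ApproveChecked: [source, mint, delegate, owner]
                delegate = accts[1] if disc == TOKEN_APPROVE else accts[2]
                (amount,) = struct.unpack_from("<Q", d, 1)
                if accts[0] in own_token_accounts and delegate not in trusted:
                    findings.append(Finding("high", "delegate_approval",
                                            f"{delegate} may move {amount} units from {accts[0]}"))
            elif disc == TOKEN_SET_AUTHORITY and len(d) >= 3 and accts[0] in own_token_accounts:
                # SetAuthority: [account, current authority]; data u8 type, COption<Pubkey> new authority
                auth_type = AUTHORITY_TYPES.get(d[1], f"type {d[1]}")
                new_auth = d[3:35].hex() if d[2] == 1 and len(d) >= 35 else "None"
                findings.append(Finding("high", "authority_change",
                                        f"{auth_type} of {accts[0]} -> {new_auth}"))
            elif disc == TOKEN_CLOSE_ACCOUNT and accts[0] in own_token_accounts and accts[1] not in trusted:
                # CloseAccount: [account, rent destination, owner]
                findings.append(Finding("warn", "account_close", f"rent of {accts[0]} -> {accts[1]}"))
    return findings


# Constructed placeholder keys (not real Solana addresses).
USER, ATTACKER = "USER_WALLET_PLACEHOLDER", "ATTACKER_WALLET_PLACEHOLDER"
USER_TOKEN_A, USER_TOKEN_B, ATTACKER_TOKEN = "USER_TOKEN_ACCT_A", "USER_TOKEN_ACCT_B", "ATTACKER_TOKEN_ACCT"
KEYS = [USER, ATTACKER, USER_TOKEN_A, USER_TOKEN_B, ATTACKER_TOKEN, SYSTEM_PROGRAM, TOKEN_PROGRAM]
OWN_TOKEN_ACCOUNTS = {USER_TOKEN_A, USER_TOKEN_B}


def drainer_sample():
    """Constructed 'claim airdrop' message that empties SOL, moves a token and hands over an account."""
    return Message(KEYS, [
        Instruction(5, [0, 1], struct.pack("<IQ", SYSTEM_TRANSFER, 1_500_000_000)),
        Instruction(6, [2, 4, 0], bytes([TOKEN_TRANSFER]) + struct.pack("<Q", 4200)),
        Instruction(6, [3, 0], bytes([TOKEN_SET_AUTHORITY, 2, 1]) + b"\x01" * 32),
    ])


def benign_sample():
    """Constructed message moving tokens between the user's own accounts."""
    return Message(KEYS, [Instruction(6, [2, 3, 0], bytes([TOKEN_TRANSFER]) + struct.pack("<Q", 10))])


if __name__ == "__main__":
    for name, sample in (("drainer", drainer_sample()), ("benign", benign_sample())):
        print(name, [(f.severity, f.kind, f.detail) for f in screen_message(sample, USER, OWN_TOKEN_ACCOUNTS)])
```

The screening deliberately treats a delegate approval or an owner change as high severity even though no funds move at signing time: that is exactly how a drainer can look harmless in a naive balance diff and still empty the account later, which is why revoking approvals after a suspected visit matters.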