
Crypto Drainers for Hire: Hackers Offer Malware for $100 in New Service Model

Crypto crime has entered a new era. According to a report from AMLBot dated April 22, cybercriminals are renting out malicious crypto-draining software through a “drainer-as-a-service” model — and anyone can get started for just $100.

AMLBot CEO Slava Demchuk says the new model has lowered the entry barrier for aspiring scammers, who no longer need to be seasoned coders to run lucrative wallet-draining campaigns.

Training Phishing Beginners to Become Drainer Operators

The growing cybercrime economy is supported by Telegram-based phishing groups and darknet developer forums, where rookies are trained by veterans. These drainer groups are increasingly visible — even setting up event booths and advertising their services openly.

The malware is often built with geo-fencing features that disable it on systems set to Russian or other CIS-region languages. This reflects the de facto legal protection operators enjoy in places like Russia, where cybercrime aimed at victims outside the country is rarely prosecuted.

Telegram Groups Fuel Developer Recruitment for Drainers

AMLBot analysts found job postings in Russian, offering payment for custom drainer development, especially for coins like Hedera (HBAR). These services are now part of a growing underground gig economy in Web3 exploit creation.

According to Scam Sniffer, $494 million was stolen in 2024 alone through these tools, a major rise from 2023. Kaspersky adds that the number of darknet sites selling drainer tools more than doubled in two years.

As Telegram tightens its privacy policies under pressure, cybercriminals are migrating to Tor, further entrenching their anonymity.

$1.6 Billion in Q1 Hacks: Crypto Faces Historic Security Crisis

The first quarter of 2025 has seen unprecedented crypto losses, with $1.63 billion stolen in just 39 incidents, says Immunefi. Two centralized exchanges — Phemex and Bybit — accounted for most of the losses.

Bybit’s $1.46 billion hack ranks as one of the largest in crypto history. Together with Phemex’s $69.1 million loss, it accounts for the bulk of Q1 damages.

The Q1 total is nearly 5x the losses recorded in Q1 2024. Most of the stolen funds, a staggering 94%, are believed to have been taken by North Korea’s Lazarus Group, continuing its reputation as the most dangerous crypto threat actor in the world.
