The landscape of digital theft is rapidly changing, as crypto hackers increasingly commodify their operations through a service-oriented model. The emergence of malicious “drainers” has allowed cybercriminals to offer what is effectively a “drainer-as-a-service” (DaaS), making it easier than ever to conduct cryptocurrency theft.
According to a report dated April 22 from the crypto forensics firm AMLBot, cybercriminals can now gain access to crypto-stealing malware for as little as $100, significantly lowering the barriers to entry into digital crime. Slava Demchuk, CEO of AMLBot, noted that what once required advanced technical skills has now become accessible to anyone with a basic understanding of cybercrime techniques.
Online Communities Transforming Novices into Cybercriminals
Many aspiring scammers are finding their footing in online forums where seasoned criminals share their expertise, effectively turning novices into proficient crypto drainers. Some DaaS groups exhibit a level of confidence that is reflected in their marketing strategies, with reports indicating they openly promote their services and even establish booths at industry conventions.
Demchuk pointed to a specific operation called CryptoGrab, emphasizing that the lack of legal repercussions in certain regions, such as Russia, enables these criminals to operate with impunity unless their actions target local citizens. The cybersecurity sector has been aware of these regional legal protections, as previous studies indicated that numerous malware types, including ransomware and info-stealers like Typhon Reborn v2, are designed to disable themselves when they encounter Russian system configurations.
DaaS schemes are flourishing within phishing groups found across various online platforms, including clearnet forums, darknet marketplaces, and Telegram channels. Developers, often recruited through job advertisements in semi-closed Telegram chat rooms, primarily seek to engage Russian-speaking programmers to develop scripts that can drain Web3 wallets efficiently.
AMLBot’s investigations recently unearthed offers for malware that specifically targets platforms such as Hedera (HBAR), highlighting the active pursuit of technical expertise within these niche online environments. The rise in the use of drainers has had a substantial financial impact, with Scam Sniffer reporting that scams involving such schemes resulted in losses totaling $494 million in 2024 alone—a stark 67% increase compared to the previous year.
Earlier today a draining service phished $4.3M from an ALI holder
After seeing a message from @realScamSniffer I immediately alerted the core team and investors who helped put together an emergency community vote to burn the stolen tokens after approval from the victim.
Happy… pic.twitter.com/0t6DyDopDh
— ZachXBT (@zachxbt) March 1, 2024
The cybersecurity firm Kaspersky has also reported a notable increase in the number of darknet forums specifically dedicated to drainer tools, which have risen from 55 in 2022 to 129 by 2024. Once a refuge for criminals, Telegram’s strict privacy measures have come under scrutiny for allegedly sharing user data with authorities, prompting many offenders to return to the Tor network, where anonymity is more readily achievable.
Crypto Sector Faces Severe Hack Losses in Q1
In the opening quarter of 2025, the cryptocurrency sector experienced staggering losses totaling $1,635,933,800 across 39 hacking incidents, as reported by blockchain security platform Immunefi. The report termed this period as “the worst quarter for hacks in the history of the crypto ecosystem.”
The majority of these losses can be traced back to just two significant hacks involving centralized exchanges. Phemex suffered a loss of $69.1 million in January, while Bybit recorded an even more substantial loss of $1.46 billion in February. This brings the total losses for Q1 2025 to an alarming 4.7 times higher than during the same period in 2024, where losses amounted to $348,251,217.
Experts believe that the notorious Lazarus Group from North Korea is responsible for the two most substantial hacks, which alone accounted for $1.52 billion, or approximately 94% of the total reported losses.
The post Crypto Hackers Adopt ‘Drainer-as-a-Service’ Model, Renting Malware for Just $100 appeared first on Finance Newso.
