Back to the board
Wanted
AT LARGECASE TH-0103Phishing Empire
Slippage
Real identityREDACTEDSEALED · JOHN DOE #0103
Sells the kit that empties your wallet in one signature.
Last seen
Tor-only — physical location unknown
Active since
2022
Victims
19.5K
Hunters on case
357
THREAT 5/5
Modus operandi
Operates a drainer-as-a-service: rents malicious signing widgets to affiliates who seed fake mints, airdrops, and "claim" sites. A single approval signature sweeps every token and NFT. Takes a 20% cut of all affiliate theft.
Scheme
DrainerX (wallet-drainer-as-a-service)
Evidence collected
- 1Single deployer funds 400+ affiliate phishing domains.
- 2Smart-contract "permit" exploits traced to one signature template.
- 3Affiliate payout ledger leaked in a rival’s data dump.
- 4Operational security is strong — no KYC, no cluster break yet.
Crime timeline
- 2022DrainerX appears
Marketed in invite-only Telegram channels.
- 2023Affiliate boom−$80,000,000
Hundreds of operators; theft scales fast.
- 2024Mass-mint waves−$47,000,000
Fake claim sites for every hyped launch.
- 2024-06Still active
New variant defeats wallet warning prompts.
Tracked wallets
0xDra1n…1a008
EthereumBasePolygonSolana
Known aliases
- @drainerx
- @slippage
- slippage (Telegram)
#phishing#drainer#service operator#opsec