What is crypto address poisoning?

Address poisoning is when a scammer sends a tiny transaction from a wallet whose address looks almost identical to one you use, hoping you'll copy it from your history and send funds to them by mistake. Always verify the full address.

My wallet was drained — what do I do?

Revoke all token approvals (for example at revoke.cash), move any remaining assets to a brand-new wallet with a new seed phrase, and report the drainer address. Funds already moved on-chain usually can't be reversed.

Scam guide

Wallet drainer & approval scams: how they work and what to do

Q: What is a wallet drainer?

A wallet drainer tricks you into signing a malicious transaction or token approval on a fake site. That signature gives the scammer permission to move your tokens and NFTs, letting them empty your wallet — sometimes immediately, sometimes later.

A wallet drainer tricks you into signing one malicious transaction or approval — and that single signature lets a scammer empty your wallet of tokens and NFTs.

If this happened to you, it is not your fault. Malicious signature requests are designed to look routine. Here's how they work — and what to do now.

Get your step-by-step action plan Where to report it

What is a wallet drainer?

It's malicious code on a fake site (a phony airdrop, dApp, mint, or "wallet checker") that asks you to connect your wallet and sign a transaction or token approval. That approval grants spending access, and the drainer uses it to sweep your assets. A related trick, address poisoning, sends you a tiny transaction from a look-alike address hoping you'll copy it from your history.

How the scam unfolds

1.The lure. A "claim your airdrop," "connect to continue," or "validate your wallet" site — often from an ad, DM, or hacked account.
2.The connect. You connect your wallet, and the site asks you to sign or approve something.
3.The approval. The signature grants token-spending access (e.g. an unlimited approve or permit) — not an obvious "send."
4.The drain. The scammer moves your tokens and NFTs out, sometimes minutes or days later.

Warning signs

🚩"Claim / connect / validate" sites that require a signature to "receive" something.
🚩A signature you don't understand — approve, permit, setApprovalForAll.
🚩Unsolicited tokens or NFTs appearing in your wallet (bait to visit a drainer site).
🚩An address in your history that looks almost identical to one you use (poisoning).

If your wallet was drained — do this first

•Revoke all token approvals at revoke.cash right away.
•Move any remaining assets to a brand-new wallet (new seed phrase, generated offline). Assume the old wallet is compromised.
•Never copy an address from your transaction history — always verify the full address from a trusted source.
•Record the drainer address and your transaction hashes for reporting.

Build my full action plan →

How to report it

•Your local police and national fraud body (see the reporting directory).
•Report the drainer wallet/contract address on Chainabuse.

⚠️ Beware the second scam

"Recovery experts" may contact you promising to get your money back for a fee. Most are scammers targeting victims again. Never pay anyone who guarantees recovery or asks for an upfront fee. Read the red flags →

You're not alone

Drainer signatures are deliberately disguised to look like normal wallet prompts. Being caught by one isn't carelessness. Reach out to someone you trust and consider a moderated victim community for support.

Get your personalized next steps

Answer 4 quick questions and get a tailored checklist, the right reporting links, and a ready-to-use evidence summary. Nothing is saved.

Start the action plan

← Back to all scam guides