
Wallet Drainers Bypassing Blockchain Security Software


A notorious type of wallet-draining software known as ‘Angel Drainer’ has gained new features that bypass wallet security tools which simulate transactions to warn against malicious signatures, placing users of such security software at risk of falling victim to crypto theft.

What is Angel Drainer?

Angel Drainer is a type of malware designed to automatically steal the contents of a user’s wallet once a malicious transaction is signed. It first appeared in March 2023 and was responsible for $20 million out of the total reported tally of $295 million in annual losses arising from crypto theft.

Wallet drainers are usually deployed at the tail end of social engineering schemes or other types of phishing scams. Threat actors aim to lure unsuspecting users into clicking a poisoned link or ultimately signing a malicious transaction which then grants the wallet drainer authority to transfer tokens out of the compromised wallet.

The damage caused by wallet drainers is instant and irreversible. Wallets may often stay compromised long after being exploited by wallet drainer attacks. As a result, security tools such as transaction simulators are widely employed by users to conduct a health check on pending transactions prior to granting permissions via a signature.

Angel Drainer Bypassing Transaction Simulators

In a report published in April 2024, Bernhard Mueller described in detail how Angel Drainer has evolved a set of new features that allow it to effectively bypass transaction simulators such as WalletGuard and Pocket Universe.

The wallet drainer achieves this by overriding the request to redirect the target’s RPC calls, which hides the ongoing interaction from the targeted anti-phishing tools. This renders transaction simulators ineffective as a safeguard against Angel Drainer in such scenarios, as these tools will fail to detect the drainer unless the phishing site's domain is explicitly blacklisted.

Another method used by Angel Drainer to bypass wallet security tools like BlockAid is to generate unmarked contract addresses if the value of the stolen assets exceeds a predefined minimum threshold. This works because rather than simply simulating a pending transaction, BlockAid checks to see if a known malicious address is involved in the transaction.
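The gap described above, shown from the defender's side as an added example (not code from the report, BlockAid, or any other tool named here): a blocklist-only check passes an unlimited approval to a never-before-seen spender, while a default-deny check on approval calldata catches it. The list contents, function names, and sample addresses are constructed assumptions.

```javascript
// Added example: constructed data only, not any vendor's implementation.
const APPROVE = "0x095ea7b3"; // ERC-20 approve(address,uint256)
const SET_APPROVAL_FOR_ALL = "0xa22cb465"; // ERC-721/1155 setApprovalForAll(address,bool)
const MAX_UINT256 = (1n << 256n) - 1n;

// Constructed sample lists; a real tool would load these from its own sources.
const BLOCKLIST = new Set(["0x" + "0".repeat(32) + "deadbeef"]);
const USER_ALLOWLIST = new Set(["0x" + "1".repeat(40)]);

// Decode the two approval-style calls; returns null for any other calldata.
function decodeApproval(data) {
  const hex = String(data).toLowerCase();
  if (!/^0x[0-9a-f]{136}$/.test(hex)) return null; // selector + two 32-byte words
  const selector = hex.slice(0, 10);
  if (selector !== APPROVE && selector !== SET_APPROVAL_FOR_ALL) return null;
  const spender = "0x" + hex.slice(34, 74); // address = low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(74, 138)); // amount, or bool for approval-for-all
  return { selector, spender, value };
}

// Blocklist-only verdict: flags a transaction only if a known-bad address appears.
function blocklistVerdict(tx) {
  const a = decodeApproval(tx.data);
  const hit = BLOCKLIST.has(tx.to.toLowerCase()) || (a !== null && BLOCKLIST.has(a.spender));
  return hit ? "block" : "allow";
}

// Default-deny verdict for approvals: an unknown spender is never silently trusted.
function approvalVerdict(tx) {
  if (blocklistVerdict(tx) === "block") return "block";
  const a = decodeApproval(tx.data);
  if (a === null) return "allow"; // not an approval; outside this check's scope
  if (a.value === 0n) return "allow"; // revocation (amount 0 or approved=false)
  if (USER_ALLOWLIST.has(a.spender)) return "allow";
  const broad = a.selector === SET_APPROVAL_FOR_ALL || a.value === MAX_UINT256;
  return broad ? "block" : "warn";
}

// Constructed sample: unlimited approve() to a fresh, unlisted spender.
const sampleTx = {
  to: "0x" + "3".repeat(40), // token contract (constructed)
  data: APPROVE + "0".repeat(24) + "2".repeat(40) + "f".repeat(64),
};
console.log(blocklistVerdict(sampleTx), approvalVerdict(sampleTx)); // allow block
```
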

In addition to these sophisticated mechanisms, Angel Drainer is also capable of sorting tokens and NFTs according to valuation, thereby prioritizing the most valuable assets when extracting assets from a victim’s wallet.

The Ultimate Line of Defense Against Angel Drainer

FailSafe is designed to intervene and prevent crypto theft in worst-case scenarios. Unlike other wallet security tools that simply warn users against suspicious activity, FailSafe is the ultimate line of defense that takes proactive steps to secure assets in a wallet targeted by threat actors.

While users may continue to use transaction simulators and similar types of preventative wallet security measures, FailSafe acts as a complementary layer to make your wallet fully impervious to cyberattacks such as hacks and wallet drains.

FailSafe integrates with cold wallets, while detecting on-chain and off-chain phishing attacks. Users can also use the ‘Smart Mode’ feature to enjoy maximum flexibility in wallet activity without sacrificing the integrity of their security.

Start using FailSafe to protect your wallet today and enjoy the highest level of wallet security.
