Crypto Hackers Adopt ‘Drainer-as-a-Service’ Model, Renting Malware for Just $100

Crypto hackers are making it easier than ever to launch digital theft operations, as malicious “drainers” evolve into a service-based business.

According to an April 22 report by crypto forensics firm AMLBot, cybercriminals can now rent crypto-stealing malware through a growing “drainer-as-a-service” (DaaS) model, with prices starting as low as $100.

AMLBot CEO Slava Demchuk explained that what once required significant technical expertise is now accessible to virtually anyone familiar with basic cybercrime tactics.

Aspiring scammers can join online communities where experienced criminals offer tutorials, transforming phishing novices into crypto drainers with ease.

Some DaaS groups have become so confident in their operations that they reportedly advertise openly—even setting up booths at industry events.

Demchuk highlighted CryptoGrab as one such example, noting that these activities often go unchecked in jurisdictions like Russia, where hacking is rarely prosecuted if it doesn’t target local or post-Soviet citizens.

The cybersecurity industry has long been aware of these regional protections.

Past reports revealed that many malware strains, including ransomware and information stealers like Typhon Reborn v2, are programmed to deactivate if they detect Russian or post-Soviet system settings.

DaaS operations thrive within phishing communities spread across clearnet forums, darknet sites, and Telegram groups.

Developers are frequently recruited through job postings in semi-open Telegram chats, often targeting Russian-speaking programmers to create scripts capable of draining Web3 wallets.

AMLBot’s investigators uncovered listings for malware targeting platforms like Hedera (HBAR), demonstrating how technical talent is actively sourced in niche online spaces.

The rise of drainers has led to significant financial losses. In 2024 alone, Scam Sniffer reported $494 million stolen through such schemes—a 67% increase from the previous year.

Earlier today a draining service phished $4.3M from an ALI holder

After seeing a message from @realScamSniffer I immediately alerted the core team and investors who helped put together an emergency community vote to burn the stolen tokens after approval from the victim.

Happy… pic.twitter.com/0t6DyDopDh

Cybersecurity firm Kaspersky also noted a sharp rise in darknet forums dedicated to drainer tools, growing from 55 in 2022 to 129 by 2024.

While Telegram once served as a haven for cybercriminals due to its strict privacy policies, concerns emerged after reports that the platform began sharing data with authorities.

This has driven many bad actors back to the Tor network, where anonymity is easier to maintain.

In the first three months of 2025, the crypto ecosystem lost a whopping $1,635,933,800 across 39 incidents, according to the blockchain security platform Immunefi.

The report claimed, “Q1 2025 marks the worst quarter for hacks in the history of the crypto ecosystem.”

Most of that was the result of only two hacks of two centralized exchanges. Phemex suffered a $69.1 million loss in January, while Bybit lost $1.46 billion in February.

Subsequently, the total number of losses in the first quarter marks a 4.7x increase compared to Q1 2024. At that time, hackers and fraudsters stole $348,251,217.

Notably, experts assume that the infamous North Korean Lazarus Group is behind the two largest attacks. They stole $1.52 billion, or 94% of total losses.

The post Crypto Hackers Adopt ‘Drainer-as-a-Service’ Model, Renting Malware for Just $100 appeared first on Cryptonews.