The article is intended for beginners in the drain sphere who able to drive traffic.
All services mentioned in this article are mentioned exclusively from personal experience. I in no way encourage working with them
All services mentioned in this article are mentioned exclusively from personal experience. I in no way encourage working with them
What is a crypto-drainer?
By drainer, we mean a malicious script that embeds itself into elements of your site/phishing site* to obtain a signature for executing transactions and initiate the drain (depletion) process of assets (native coin, other tokens, and NFTs) from crypto wallets.
*phishing site - a copy (fake) of the original site.
Let's visually consider the example of a phishing site Uniswap (a popular EVM* DEX** with a drainer installed on it).
*EVM (Ethereum Virtual Machine) - a standard supported by Ethereum-like networks.
**DEX (Decentralized Exchange) - a decentralized exchange that allows users to exchange crypto assets without the involvement of a centralized entity.
In the screenshot above, we see a site identical to the original site but with one remarkable property:
Upon clicking the Connect buttons (at the top of the site) and Connect wallet, a modal window with a drainer is appeared. The user selects their desired wallet, then they are redirected to sign malicious transactions and end up losing their assets.
What will you need to work?
- "Search" for a drainer
- Purchase of a domain and hosting
- Set up and install the drainer on your landing page
- Wild desire to work and ability to drive traffic
Difficulties that await you
Or do not await. And in general, these are not difficulties. But, in any case, I wish you success in your endeavors, dear reader
1) There is a nasty company, its name is Blockaid. A company specializing in security in Web3*. In our case, it is an anti-fraud system.
*Web3 in simple terms - a general term for blockchain technology.
In simple terms, this is a red banner that is hard to ignore. It appears when connecting a wallet to our drainer and warns (notifies) the user that if they sign transactions, their assets will be stolen.
How to remove it! What to do?
Quark Drainer already have implemented a bypass for this nasty warning, but it works under certain conditions. Most often, this condition is the presence of a certain total sum of assets in the user's wallet. Later in the article, I will show you how the bypass works.
2) Deceptive site ahead. Achtung!
Yes, you understood it correctly. Both Google and Metamask (and some other cybersecurity companies) can detect your "harmless" project and display such a warning banner:
Features of working with drainer
If the user signed an approval for token spending when connecting to the drainer, we can withdraw the signed tokens as they come in.
*Signed an approval, meaning gave permission
How can I check if we received approval from the user?
Link to check approvals in the Ethereum network:
Token Approvals | Etherscan
Review and update your token approvals for any smart contract.
*Check with your drainer about the possibility of automatic withdrawal of approved assets
**Revoking approval is done on this same page with the "Revoke" button
Links to check approvals in any other networks are similar:
Token Approvals | BscScan
Review and update your token approvals for any smart contract.
Token Approvals | OP Mainnet Etherscan
Review and update your token approvals for any smart contract.
Token Approvals | Arbitrum
Review and update your token approvals for any smart contract.
Preparing and setting up the environment for work
© There is no such thing as anonymity
Whonix
Whonix is a Debian-based Linux distribution, previously known as TorBOX. It is designed to provide anonymity using VirtualBox and Tor. Its special feature is that neither malware nor compromising the superuser account can lead to IP address and DNS leaks.
How to create an EVM wallet for payouts?
To receive assets that you will drain (hopefully), you will need a wallet address
And the simplest way, for a beginner, is to install the Chrome browser within our working environment and add the Metamask browser extension, which has the capability to generate a wallet. Recently, in the Tronlink extension, you can also connect EVM wallets. So choose any. You can also set up multi-signature on your wallet (funds will be spent when confirmed from multiple accounts) if you are worried that you created the wallet using who-knows-what (but we are not discussing that now).
Take into account that some smart contracts have a function to lock your tokens (for example, USDT). I hope you understand:
After receiving locked assets, you need to get rid of them (exchange) as soon as possible - we will discuss this in the final section. (and shift our headache)
Setting up the landing page and installing the drainer
And choosing the drainer
So. Almost everything is ready for work.
What we have left, step by step:So. Almost everything is ready for work.
1. Purchase a domain and hosting
2. Creating a phishing site
3. Installing the drainer on the phishing site
4. "Combat" test
Which drainer to use?
But now we will consider a drainer that works successfully and is located directly on our forum. Great, isn't it?
After contacting support, you will have a mission. It's quite simple, you can handle it. You need to create your group in Telegram and a bot (which needs to be given administrative rights in the group). After that, you share the address of your EVM wallet and receive access to the panel and all the necessary instructions for action.
Compiling and installing the drainer on your landing page
You "created" your landing page (copied it or made your own).
After compilation, you will receive instructions on installing the drainer.
1. Go to the folder with your landing page and upload the compiled .js file to the root of your project.
2. Connect the script to the landing page.
Go to the source code of the landing page and insert the script provided.
In the same source code, find the necessary element and add the class connectButton next to it.
4. Upload the resulting landing page to hosting
It took me no more than 10 minutes to purchase a domain and set up the phishing site on hosting.
What's next? Let's test!
Test your landing page by connecting your wallet. If you have followed all the steps correctly, after connecting your wallet, you will receive a notification in your group about the successful connection and further actions.
Sometimes wallets are found to be fat, but the user has assets in USDT and no native token (fees) to conduct the transaction. You can independently set up automatic sending of the native token, sufficient for a successful drain. You just need to import the private key from your wallet (where you deposited around $20 in each network) into the panel for this.
You're fantastic, you've driven traffic and received a payout, what's next?
There are plenty of dirty crypto asset laundering schemes.
The optimal option - use any exchange from the forum with a good reputation and/or deposit.
After receiving a payout, do not rush to run to an exchange or convert to your card in p2p
Be patient.
I advise (from my experience) to additionally add several XMR chains to this chain. For greater security, I recommend not sending whole numbers in exchanges and waiting chains between XMR - XMR transfers should not be instantaneous.
We got this path:
Your dirty assets - exchange - XMR - XMR - fiat
If you decide to use a certain exchange, for example from the Clearnet, keep in mind that your funds may be locked and require you to justify the proof of the funds. Additionally, they may require identification of your identity. If this does not stop you and your exchange is blocked, do not be upset. Blocked funds can be restored, not with 100% probability.
If this does not stop you and you continue to successfully exchange your "dirt" on such exchanges - then do not forget about the fingerprint of your browser, which will track all your exchanges. That is, if you use one exchange to make two exchanges of USDT ERC20 to BTC and then BTC to USDT TRC20 - it will be easy to establish a connection between all your exchanges and wallets.
© Is this legal? - It's definitely illegal
Sell [Quark Drainer] Seaport 1.5 | Blur&X2Y2 | Fix metamask | Permit 2 | Smart Contract
QUARK DRAINER Get rid of all lack of money headaches PRICE : $5 000 QUARK DRAINER - Without a doubt No1 drainer. Here you do not go to a lottery, I hope the functionality and materials all clear without unnecessary water in this port. So here's a little bit about me, I've been coding...
niflheim.world
