23-4-2025 – A troubling transformation is reshaping the landscape of cryptocurrency-related cybercrime, as sophisticated digital theft tools known as ‘crypto drainers’ become increasingly accessible through subscription-based services, according to new research.
Blockchain security firm AMLBot’s latest findings highlight how these malicious tools, designed to siphon digital assets from unsuspecting victims’ wallets, are now being marketed as ‘Drainer-as-a-Service’ (DaaS) packages. These services are available for subscription fees starting from 100 USDT, dramatically lowering the technical barriers to entry for potential cybercriminals.
The commercialisation of these tools has created a concerning ecosystem where novice criminals can readily access detailed tutorials and guidance from experienced fraudsters. “The technical hurdles that once deterred amateur cybercriminals have largely disappeared,” notes AMLBot’s Chief Executive, Slava Demchuk.
Perhaps most alarming is the brazen approach some drainer groups have adopted, with organisations like CryptoGrab openly exhibiting at industry events. This unprecedented boldness appears rooted in the peculiarities of Russian cybercrime enforcement, where malicious activities targeting countries outside the post-Soviet space face minimal scrutiny.
The recruitment process for developing these tools has also evolved, with job advertisements for drainer developers appearing on mainstream platforms, particularly targeting Russian-speaking programmers. These posts often circulate in small but public developer communities on Telegram, though they typically vanish quickly after reaching their intended audience.
Financial impact data reveals the growing scale of the threat, with losses attributed to drainers reaching £494 million in 2024, marking a 67% increase despite only a modest rise in victim numbers. Kaspersky’s research indicates that darknet resources dedicated to drainers have more than doubled since 2022.
The shift in communication platforms has seen cybercriminals moving between Telegram and Tor networks, responding to changes in data-sharing policies and privacy concerns. This fluid adaptation highlights the sophisticated nature of modern cryptocurrency-focused cybercrime operations and their ability to evolve alongside regulatory pressures.