Briefing

The emergence of the new Eleven Drainer group signals an escalation in the organized Phishing-as-a-Service (DaaS) threat model, placing millions of Web3 users at immediate risk. This organized crime syndicate uses sophisticated social engineering to deceive victims into signing malicious token approval transactions, which grant the attacker unlimited spending rights over their assets. This attack vector bypasses protocol-level smart contract audits entirely, as the vulnerability lies in the user’s operational security, contributing to the approximately $494 million lost to drainers in 2024.

Context

The prevailing security posture is characterized by a high-volume, low-effort attack surface rooted in user interaction. The DaaS economy, which sells sophisticated drainer kits for a percentage of stolen funds, has lowered the barrier to entry for cybercriminals. This environment has normalized the risk of token approval phishing, where users habitually sign transaction prompts without fully inspecting the embedded contract permissions, making them the weakest link in the security chain.

Analysis

The attack chain begins with a social engineering lure, such as a fraudulent NFT mint or a fake token airdrop, directing the victim to a malicious dApp front-end. The user’s wallet is then prompted to sign a transaction, typically an increaseAllowance or setApprovalForAll function, which is a legitimate on-chain function. This signature grants the attacker a limitless spending allowance on the user’s tokens or NFTs without any further interaction required from the victim. The Eleven Drainer then uses this pre-signed approval to silently sweep the victim’s assets from their wallet in a subsequent transaction, effectively draining the account.

Parameters

  • Annualized Drainer Loss → $494 Million; Total cryptocurrency stolen by wallet drainers in 2024.
  • Victim Count → 63,210; Victims of a related drainer (MS Drainer) in 2023, illustrating the scale of the DaaS model.
  • Vulnerability Type → Malicious Token Approval; The specific on-chain function exploited to grant unlimited spending rights.

Outlook

Users must immediately revoke all unnecessary token approvals via dedicated third-party tools and adopt a zero-trust policy for all unsolicited dApp interactions. The industry must prioritize wallet-side security enhancements that provide clear, human-readable risk summaries for transaction signing, moving beyond opaque hexadecimal data. This DaaS proliferation mandates a shift in security focus from protocol code to user education and wallet interface transparency to mitigate the systemic threat of social engineering.
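
As an added illustration of the human-readable risk summary described above (example code written for this page, not taken from any wallet or from the source report), the sketch below decodes the calldata of approve, increaseAllowance and setApprovalForAll calls and labels the permission being granted. The function name summarize, the 2**255 "unlimited" threshold and the sample spender address are assumptions made for the example.

```python
# Added example: turn approval calldata into a readable risk summary.
# Selectors are the first 4 bytes of keccak256 over the standard signatures.
SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
    "a22cb465": "setApprovalForAll",  # setApprovalForAll(address,bool)
}
UNLIMITED_THRESHOLD = 2**255  # assumption: at or above this counts as unlimited

# Constructed sample inputs; the spender address is a placeholder.
_SPENDER_WORD = "00" * 12 + "11" * 20
SAMPLE_UNLIMITED = "0x39509351" + _SPENDER_WORD + "ff" * 32
SAMPLE_NFT_ALL = "0xa22cb465" + _SPENDER_WORD + "00" * 31 + "01"
SAMPLE_REVOKE = "0x095ea7b3" + _SPENDER_WORD + "00" * 32


def _result(function, risk, note, spender=None):
    return {"function": function, "spender": spender, "risk": risk, "note": note}


def summarize(calldata_hex):
    """Classify one transaction's calldata before the user signs it."""
    data = calldata_hex.strip().lower()
    if data.startswith("0x"):
        data = data[2:]
    try:
        raw = bytes.fromhex(data)
    except ValueError:
        return _result(None, "high", "calldata is not valid hex")
    name = SELECTORS.get(raw[:4].hex())
    if name is None:
        return _result(None, "none", "not a token approval call")
    if len(raw) != 4 + 64:  # selector plus two 32-byte ABI words
        return _result(name, "high", "malformed approval arguments")
    spender = "0x" + raw[16:36].hex()  # address is the low 20 bytes of word 1
    value = int.from_bytes(raw[36:68], "big")
    if name == "setApprovalForAll":
        if value:
            return _result(name, "high", "operator can move every NFT in this collection", spender)
        return _result(name, "none", "revokes operator rights", spender)
    if value >= UNLIMITED_THRESHOLD:
        return _result(name, "high", "effectively unlimited token allowance", spender)
    if name == "approve" and value == 0:
        return _result(name, "none", "revokes the existing allowance", spender)
    return _result(name, "review", f"allowance set or raised by {value} base units", spender)


if __name__ == "__main__":
    for sample in (SAMPLE_UNLIMITED, SAMPLE_NFT_ALL, SAMPLE_REVOKE):
        print(summarize(sample))
```

A "review" result still needs the spender checked against the contract the user intended to interact with; the decoder only makes the permission visible.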

Verdict

The DaaS economy, exemplified by the Eleven Drainer, confirms that user-side social engineering and malicious token approvals are the single greatest systemic risk to retail digital asset security.

Signal Acquired from → beincrypto.com