Launching a crypto scam has never been easier. A new report from blockchain forensics firm AMLBot reveals that malicious actors are now offering crypto-stealing malware for rent through a rising model known as drainer-as-a-service (DaaS). The cost? As low as $100.
AMLBot CEO Slava Demchuk stated that complex operations that once required elite coding skills are now available to beginners, thanks to DaaS providers who bundle malware with tutorials and support.
Drainer Communities Teaching Crypto Theft to Beginners
In online crime circles hosted across clearnet forums, Telegram groups, and darknet platforms, new scammers are being coached on how to deploy crypto drainers. These communities have even reached the point where they promote their malware openly and set up booths at events.
Groups like CryptoGrab operate mostly without legal consequences, especially in jurisdictions like Russia, where authorities turn a blind eye to cybercrime — as long as domestic users aren’t affected.
Many drainers are coded to auto-disable if they detect a Russian-language system, which reinforces this regional immunity from prosecution.
Job Listings Seek Russian Devs for Crypto Drainers
AMLBot researchers uncovered job ads within semi-private Telegram chats, where developers are hired to write drainers targeting HBAR and other Web3 tokens. Most listings are written in Russian and suggest attractive payouts.
Drainer tools are gaining popularity fast. Scam Sniffer recorded $494 million in losses via such tools in 2024 — a 67% increase year-over-year. Meanwhile, Kaspersky noted that drainer-centric darknet forums rose from 55 to 129 between 2022 and 2024.
Telegram’s increasing cooperation with law enforcement has driven many of these actors back to the Tor browser, where anonymity is more reliable.
2025 Starts with Record-Breaking Crypto Hacks: $1.63B Lost in 3 Months
Blockchain security firm Immunefi reports that Q1 2025 saw over $1.6 billion in stolen crypto, making it the worst quarter on record.
Two centralized exchanges bore the brunt: Phemex in January with $69 million lost, and Bybit in February with a staggering $1.46 billion breach.
This year’s Q1 losses are over 4.7x higher than those in the same quarter last year. Investigators blame the Lazarus Group for most of them, especially the largest ones. The infamous North Korean cyber gang is believed to have taken 94% of all funds stolen in Q1.