Crypto Drainer‑as‑a‑Service (DaaS) Threatens Wallet Holders Across Multiple Blockchains
What Happened — A new underground “Drainer‑as‑a‑Service” (DaaS) ecosystem, dubbed Lucifer, is offering turnkey crypto‑theft capabilities to affiliates. Victims are lured to counterfeit DeFi, NFT or airdrop sites, connect their wallets, and unknowingly approve malicious transactions that instantly siphon tokens and NFTs.
Why It Matters for TPRM —
- Third‑party crypto platforms, wallet integrations, and DeFi services can become inadvertent distribution channels for DaaS affiliates.
- Asset loss occurs without traditional malware infection, making detection harder for standard endpoint controls.
- The SaaS‑like business model means the service can scale rapidly, increasing exposure for any partner that hosts or references compromised front‑ends.
Who Is Affected — Financial services, crypto exchanges, blockchain SaaS providers, NFT marketplaces, and any organization that embeds wallet‑connect functionality.
Recommended Actions —
- Audit all third‑party web assets that embed wallet‑connect or token‑claim flows.
- Enforce strict transaction‑approval policies and user education on wallet permissions.
- Require vendors to implement anti‑phishing controls and continuous monitoring of URL reputation.
Technical Notes — The attack relies on social engineering (phishing) to obtain wallet signatures; no vulnerability exploitation is required. Data exfiltrated consists of cryptocurrency tokens, NFTs, and associated private keys when disclosed. Source: BleepingComputer