There's a new wallet drainer on the loose that's claiming a number of six- and seven-figure attacks of late. Lately, I've been investigating a number of drains that appear to have commonalities.
Recently, a person lost over 1.23M in two Uniswap v3 Position NFTs. Wallet drains happen daily, but this one is unique as it's from a recently launched wallet drainer, Vanilla Drainer.
0x3Dc4b980FeF45ab22f8A55b025aE9D19001d97b3 - Attacker Wallet
0x0000093161E379aEBCf40E7aCfd387Edb3000000 - Malicious Drainer Contract
0x40055A8B7aC86ad8d56A5e7bab79984DB581dA4b - 1.23M VICTIM
In this instance, a malicious contract was signed that allowed the attacker full access to the user's Uniswap v3 Positions.
Once the user gave approval, the assets were transferred to the malicious contract and then to a wallet owned by the attacker - 0x3Dc4b980FeF45ab22f8A55b025aE9D19001d97b3.
Interestingly, all of the victim's funds are accounted for and are currently sitting in the scammer's wallet in DAI.
New technology like Blockaid helps prevent these large six- and seven-figure drains that happened daily in 2023-2024. However, the scammers are smart and adapt. I'm starting to see more large wallet drains from new, sophisticated methods.
I looked at some of the transaction history of Wallet d97b3 and noticed some interesting inflow from another scammer wallet - 0x9d38606C16E6C4F7B1ed4224eA5724FF5C6E710d. This wallet also appears to have significant assets, mostly in DAI. (At the time of this writing I'm showing close to 1.6M).
This wallet and others lead to a new drainer, Vanilla Drainer.
What is Vanilla Drainer?
Vanilla Drainer appears to follow in the footsteps of Inferno/Angel Drainer. I'm seeing similarities between the two and many on-chain interactions between Inferno and Vanilla Drainer.
Vanilla may be a spin-off, a stripped-down version of Inferno Drainer (thus the name Vanilla!), or it could be its own separate entity. To attract more customers, Vanilla Drainer appears to be taking 15% of the drained assets vs Inferno Drainer's 20%.
The main ENS wallet of Vanilla Drainer is:
0xbadC0dE628760964219B6b45eed756F6b5405026 with registered ENS addresses of vanilladrainer.eth and vanilla-drainer.eth
Both ENS addresses were registered on 4/10/25. I LOLed at the prefix for this wallet, 0xbad.
How does Vanilla Drainer Work?
Vanilla is one of many SaaS platforms out there. The process is mostly automated, with some initial setup work to register the domain, build the website, and promote it in search engines and on social media.
In many instances, fake websites around recently hyped token launches attract a lot of drainer activity. The user is tricked into approving token transactions that drain their wallet instead of receiving their rewards.
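A wallet-side check for the approval step described above, as an added example that is not part of the original post or of any tool it names: it decodes a transaction's calldata before signing and flags `setApprovalForAll` or `approve` calls that give an address outside a trusted set control over assets such as Uniswap v3 positions. Assumptions: the post does not say which approval call the victim signed, the position manager address is the Ethereum mainnet deployment, the calldata is a constructed sample, and `check_approval` and `trusted` are hypothetical names.

```python
from __future__ import annotations

# Well-known selectors: first 4 bytes of keccak256 of the function signature.
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
APPROVE = "095ea7b3"               # approve(address,uint256): ERC-20 amount or ERC-721 tokenId
# Assumption: Uniswap v3 NonfungiblePositionManager address on Ethereum mainnet.
UNISWAP_V3_POSITIONS = "0xc36442b4a4522e871399cd717abdd847ab11fe88"
# Drainer contract named in this article, used as the operator in the sample.
DRAINER = "0x0000093161e379aebcf40e7acfd387edb3000000"
# Constructed sample: setApprovalForAll(DRAINER, true); not the victim's real transaction.
SAMPLE_CALLDATA = "0x" + SET_APPROVAL_FOR_ALL + DRAINER[2:].rjust(64, "0") + "1".rjust(64, "0")


def _word(args: str, i: int) -> str:
    """Return the i-th 32-byte ABI word (64 hex chars) of the argument data."""
    word = args[64 * i:64 * (i + 1)]
    if len(word) != 64:
        raise ValueError("truncated calldata")
    return word


def _address(word: str) -> str:
    """Decode an ABI-encoded address, rejecting non-zero padding."""
    if int(word[:24], 16) != 0:
        raise ValueError("non-zero address padding")
    return "0x" + word[24:]


def check_approval(to: str, calldata: str, trusted: set[str]) -> dict | None:
    """Return a finding when calldata grants an untrusted address control, else None."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, args = data[:8], data[8:]
    if selector == SET_APPROVAL_FOR_ALL:
        operator = _address(_word(args, 0))
        if int(_word(args, 1), 16) == 0:
            return None  # approved=false is a revocation
    elif selector == APPROVE:
        operator = _address(_word(args, 0))
        _word(args, 1)  # the amount / tokenId word must be present
        if int(operator, 16) == 0:
            return None  # approving the zero address clears an ERC-721 approval
    else:
        return None  # not an approval call
    if operator in {t.lower() for t in trusted}:
        return None
    return {"selector": selector, "operator": operator, "contract": to.lower(),
            "uniswap_v3_positions": to.lower() == UNISWAP_V3_POSITIONS}
```

A finding with `uniswap_v3_positions` set to true means the operator could move every position NFT the signer holds, so the signing prompt should name the operator and require explicit confirmation.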
Vanilla Drainer appears to be deploying new phishing contracts at scale while simultaneously rotating fresh domains that host the website.
While still relatively new on the market, I'm starting to see a number of big six and seven figure attacks attributed to Vanilla Drainer.
Stay safe out there!