Tomasz Bauer
VerifiedSmart Contract Security Researcher
Reverse-engineers drainer contracts and tracks wallet-drainer SaaS operators. Published research on Inferno, Pink, and Angel drainer campaigns.
Recent answers
What can I do if stolen ETH went through Tornado Cash?
Tracing my stolen ETH dead-ends at a Tornado Cash deposit. Is the money gone forever?
Can stolen Bitcoin actually be traced or is that a myth?
I've heard both 'BTC is fully traceable' and 'BTC is anonymous money for criminals'. Which is true?
What is a rug pull and how do I avoid them in DeFi?
A token I bought went to zero overnight and the team's Twitter is gone. Was I rug pulled?
My MetaMask wallet was drained — what should I do?
Woke up to a zero balance. Last thing I did was sign a transaction on what I thought was the OpenSea site. How did this happen and what now?
What is a wallet drainer contract and how does it work?
I keep seeing 'drainer' mentioned. What does the smart contract actually do?
What is a Permit2 signature scam?
Someone told me 'never sign Permit2 on unknown sites' but didn't explain why. What does Permit2 actually do?
What is address poisoning and how do I avoid it?
I sent USDT to an address that looked exactly like one I'd used before, but the funds went to a stranger.
How do I vet a new crypto project or opportunity?
A new project sounds promising. What's the minimum due diligence before putting money in?