What is a wallet drainer contract and how does it work?

A drainer is a piece of code that lives on a phishing website. When you connect your wallet and 'sign in' or 'claim airdrop', it does the following behind the scenes:

1. Reads every token, NFT, and LP position in your wallet via on-chain scans.
2. Calculates the highest-value items to take.
3. Crafts a signature request that looks innocuous (Permit, Permit2, setApprovalForAll, or Seaport-style listing) but actually grants the attacker spending rights or buys your NFTs for 0.
4. The moment you sign, a backend bot sweeps the assets in priority order before you can react.

Drainer-as-a-service is now an industry: operators provide the smart contracts, phishing kits, and laundering rails, and take 20-30% of proceeds from affiliates who run the front-end campaigns. The most active families in 2024-2025 have been Inferno, Pink, Angel, and Drainer.io.