Cryptocurrency Theft Software Operators Turn to Rental Model

The shift by developers of cryptocurrency theft malware—known as drainers—to a Drainer-as-a-Service (DaaS) model, akin to SaaS, has significantly simplified access to and use of the software. This is according to a report by AMLBot.

For a one-time fee of $100-300, novice fraudsters can rent a set of necessary tools. This includes:

• drainer infrastructure with a control panel;
• a rented domain;
• technical solutions for concealing online activity;
• documents for passing KYC procedures;
• hacked or new accounts on social platforms like Telegram, Discord, and X.

Malware developers in this scheme benefit from expanding their client base and virtual community.

Entering the world of crypto fraud once required considerable technical knowledge, commented AMLBot CEO Slava Demchuk to Cointelegraph. Within the DaaS framework, “starting is only slightly more complex than in other types of cybercrime,” he added.

Drainer operators seek clients through phishing-oriented groups on social networks, both on the open internet and the dark web.

According to Demchuk, some developers have become so “bold” that they set up official booths at industry conferences like CryptoGrab.

In 2024, the crypto industry suffered losses of at least $9.9 billion due to fraud, according to Chainalysis.