Cybercrime in the crypto space is becoming increasingly commodified, with cybercriminals now offering “drainer-as-a-service” (DaaS) solutions to anyone willing to pay. According to a new report from AMLBot published on April 22, malicious crypto-draining software is being leased for as low as $100 — democratizing digital theft.
Slava Demchuk, CEO of AMLBot, says what once demanded advanced hacking knowledge is now accessible to low-skill actors, thanks to prebuilt malware kits and the service-based nature of cybercrime.
Online Crime Communities Fuel the Spread of Crypto Drainers
Budding cybercriminals are entering Telegram and darknet-based communities where skilled hackers provide not only the malware, but also step-by-step phishing tutorials. These digital underworlds turn amateurs into active Web3 exploiters.
Some groups have become so brazen that they openly advertise their malware — even appearing at in-person events. AMLBot’s report names CryptoGrab as a key player in the market, noting that many such operations operate freely in regions like Russia where enforcement is lax — provided local users aren’t targeted.
Indeed, malware is often programmed to automatically shut down if a Russian-language system is detected, reinforcing the idea that cybercrime protections in certain countries create safe havens.
Crypto Drainer Recruitment Booms Across Telegram and Darknet
AMLBot investigators found evidence of developer recruitment on Telegram channels and darknet job boards. Many listings specifically seek Russian-speaking developers to create drainer scripts targeting Web3 wallets and crypto platforms like Hedera (HBAR).
This rise in drainer activity has been financially devastating. According to Scam Sniffer, 2024 saw $494 million stolen via DaaS schemes — a 67% increase over 2023. Cybersecurity firm Kaspersky reported that darknet forums advertising such tools have more than doubled in two years, from 55 in 2022 to 129 in 2024.
Telegram, once a favored hub due to its privacy-centric policies, has recently seen cybercriminals flee back to the Tor network, following concerns that Telegram may have shared data with law enforcement.
$1.6 Billion Stolen in Q1 2025: Crypto Hacks Hit Historic High
Crypto losses from hacks have already reached a staggering $1.63 billion in just the first quarter of 2025, across 39 incidents, says blockchain security firm Immunefi. The group called Q1 “the worst quarter in crypto hacking history.”
Two major centralized exchange exploits dominated losses: Phemex lost $69.1 million in January, while Bybit suffered a $1.46 billion breach in February.
This marks a 4.7x increase in losses compared to Q1 2024, which saw $348 million in damages. Most notably, investigators suspect that North Korea’s Lazarus Group is responsible for the two largest attacks, accounting for 94% of Q1’s total losses.
