A blockchain investigator has linked at least $5.27 million in cryptocurrency thefts over three weeks to Vanilla Drainer, a rising scam service that provides fraud software to attackers. Drainers use phishing and malware to compromise victims’ wallets, with Vanilla emerging as a major player after earlier drainers like Inferno and Angel saw declines.
Vanilla’s earliest public ads appeared in late 2024, promoting advanced tools to bypass fraud detection systems, such as Blockaid. The service takes a 15-20% cut of stolen funds, with one victim losing $3.09 million in stablecoins in August. Operators convert stolen tokens into cryptocurrencies like Ether and store them in wallets holding millions in decentralized stablecoins such as DAI, which can’t be frozen.
Despite tighter security measures reducing draining volumes overall, Vanilla has grown rapidly by frequently changing domains and deploying fresh malicious contracts to evade detection.
In July alone, phishing scams surged 153%, with Vanilla linked to significant losses totaling over $2 million. History shows drainer services often rebrand or pass on their operations when targeted by law enforcement, making them a persistent threat in crypto crime.