Crypto drainers, malware designed to steal cryptocurrency, have become more accessible as the ecosystem evolves into a software-as-a-service (SaaS) business model. According to an April 22 report by crypto forensics and compliance firm AMLBot, many drainer operations have shifted to a SaaS model known as drainer-as-a-service (DaaS). The report highlighted that malware spreaders can rent a drainer for as low as 100 to 300 USDT. AMLBot CEO Slava Demchuk mentioned that entering the world of cryptocurrency scams no longer requires extensive technical knowledge. Under the DaaS model, starting is as simple as with other cybercrimes. Demchuk explained that potential drainer users learn from experienced scammers through online communities. Criminals from traditional phishing campaigns are transitioning to the crypto drainer space through this method. Groups offering crypto drainers as a service are becoming more brazen and professionalized, operating almost like traditional business models. Demchuk noted that some drainer groups even set up booths at industry conferences, such as CryptoGrab. This audacity is possible due to the leniency towards cybercrime in Russia. The cybersecurity industry has long known about this practice. Cybersecurity news publication KrebsOnSecurity reported that ransomware strains deactivate if Russian virtual keyboards are detected. Similarly, Typhon Reborn v2 deactivates if the user’s IP geolocation matches post-Soviet countries. The rise of drainers is evident, with Scam Sniffer reporting $494 million in losses in 2024, a 67% increase from the previous year. Kaspersky reported a surge in darknet resources dedicated to drainers. Developers are often recruited through job adverts targeting Russian speakers. Telegram chats are popular for such recruitment, as they offer a semi-open platform for technical talent to be recruited. The decentralization of these activities from clearnet and deep web forums to Telegram poses challenges for cybercriminals. Telegram’s stance on user privacy and encryption backdoors is a concern for cybercriminals.