Glossary
Approval Drainer
Malicious smart-contract template that exploits stale ERC-20 or NFT approvals to drain victims' wallets — typically distributed via phishing kits.
An approval drainer is the second half of an ice-phishing attack. After a victim signs a malicious approval, the attacker calls into the drainer contract — usually a packaged template — that walks the victim's token allowances and pulls every approved token into the attacker's address.
Modern drainers (Inferno, Pink, Angel) handle multiple chains, multiple token standards (ERC-20, ERC-721, ERC-1155), and bundle gas sponsorship to make the drain succeed even if the victim's wallet is nearly empty of native gas. Approval-revocation tools and signing simulation are the standard defenses.