Security Research

Purple Drainer Exposed: Forta Firewall Flags New Drainer Contract

August 21, 2025

Forta Firewall has identified and flagged a new drainer operator, known as Purple Drainer, now targeting users across multiple L2s.

Drainers are pre-packaged sets of malicious tools (JavaScript code, smart contract snippets, and backend infrastructure) that steal assets by tricking victims into signing harmful approvals or transactions. Affiliates use these kits to run phishing campaigns, while the operator maintains the codebase and takes a revenue cut of each theft.

Currently, a couple of drainer operators dominate the market and hold most of its share. The appearance of Purple Drainer marks yet another step in the professionalization of these underground markets, underscoring the importance of proactive detection and blocking.

Breaking Down the Purple Drainer Scam

Forta observed Purple Drainer executing a claim scam via the phishing site layer3-place.com. Victims were prompted to connect their wallets and perform a “Claim” action that appeared to be related to an airdrop. Instead of receiving tokens, their ETH was drained.

The stolen funds were automatically split between the operator and the affiliate running the campaign. In one transaction, the split was 15% to the operator and 85% to the affiliate, though other transactions revealed different ratios (20:80 or 10:90).
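The fixed operator:affiliate payout described above can serve as a triage heuristic over a transaction's value transfers. The sketch below is an added example, not Forta's detection logic; the addresses and traces are constructed placeholders and the tolerance is an assumption.

```python
from collections import defaultdict

# Operator shares from the article's 10:90, 15:85 and 20:80 splits, in basis points.
OPERATOR_SHARES_BPS = (1000, 1500, 2000)
TOLERANCE_BPS = 50  # assumption: slack for rounding dust left in the relay

def find_split_payouts(transfers):
    """transfers: (sender, recipient, value_wei) tuples from ONE transaction's
    value-transfer trace. Returns relays that forward what they received
    to exactly two parties in a known operator:affiliate ratio."""
    inbound = defaultdict(int)
    outbound = defaultdict(list)
    for sender, recipient, value in transfers:
        if value > 0:
            inbound[recipient] += value
            outbound[sender].append((recipient, value))

    findings = []
    for relay, received in inbound.items():
        outs = outbound.get(relay, [])
        if len(outs) != 2 or outs[0][0] == outs[1][0]:
            continue  # not a two-way split
        (small_to, small), (large_to, large) = sorted(outs, key=lambda o: o[1])
        forwarded = small + large
        # The relay must pass on (almost) everything it received, and no more.
        if forwarded > received or forwarded * 10000 < received * (10000 - TOLERANCE_BPS):
            continue
        share_bps = small * 10000 // forwarded
        if any(abs(share_bps - s) <= TOLERANCE_BPS for s in OPERATOR_SHARES_BPS):
            findings.append({"relay": relay, "smaller_share_to": small_to,
                             "larger_share_to": large_to, "smaller_share_bps": share_bps})
    return findings

ETH = 10**18
# Constructed traces; the addresses are placeholders, not on-chain values.
DRAIN_TX = [("0xvictim", "0xrelay", 2 * ETH),
            ("0xrelay", "0xoperator", 3 * ETH // 10),     # 15%
            ("0xrelay", "0xaffiliate", 17 * ETH // 10)]   # 85%
SWAP_TX = [("0xuser", "0xrouter", ETH),
           ("0xrouter", "0xpool", 997 * ETH // 1000),
           ("0xrouter", "0xfee", 3 * ETH // 1000)]        # 0.3% fee: no match

if __name__ == "__main__":
    for name, tx in (("drain", DRAIN_TX), ("swap", SWAP_TX)):
        print(name, find_split_payouts(tx))
```

A match is a triage signal rather than a verdict, since legitimate revenue-sharing contracts also split payments; pair it with other indicators such as a recently deployed relay or a phishing-domain referral.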

Distribution relied on social engineering. The phishing site was shared across Telegram, Discord, and Twitter, including a Telegram group under the name Digital.eth with more than 4,800 members promoting fake investment opportunities.

Expanding Detection: From Exploits to Phishing Scams

Forta Firewall is not limited to exploit detection. In 2025, Forta expanded its capabilities to cover a wider spectrum of risks, including compliance and scams.

Today, the Scams Module detects and blocks phishing, fake tokens, and rug pull contract deployments. In July alone, the Firewall detected 1,173 phishing contracts on Ethereum Mainnet, linked to attackers who stole 252 ETH and hundreds of tokens worth $2.88M.

Purple Drainer was identified by this same module, ensuring that rollups and end-users protected by Forta Firewall are shielded from the latest generation of scams.

Why This Matters

Each new drainer operator increases the resilience and reach of malicious campaigns. With Purple Drainer joining the field, phishing attacks will continue to grow in sophistication and scale.

By leveraging Forta Firewall, rollups can continuously monitor, detect, and block malicious activity, keeping end users safe onchain.

To learn more and see Forta Firewall in action, schedule a demo with the Forta team.

About Forta

Forta offers onchain security and compliance, leveraging advanced AI and machine learning to proactively detect and prevent threats. Spun off from OpenZeppelin in 2021, Forta has top-tier backers such as a16z, Blockchain Capital, and Coinbase Ventures.
