A wallet drainer is a productized phishing kit. Drainer-as-a-service operators sell or rent kits to scammers, who deploy them behind phishing front-ends.
Modern drainers are sophisticated: they detect what the connected wallet holds, prioritize the highest-value assets, batch approvals into a single transaction, and route through obfuscation contracts to make on-chain analysis harder.
Drainers don't exploit smart contracts; they exploit users. The fix is therefore not technical at the contract level but lies at the interface and approval-management level: hardware wallets that show what is being signed, transaction simulation, and disciplined revocation hygiene.
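
What a signing interface can surface about an approval request, as an added example (not code from the original page): it decodes the standard ERC-20 `approve`/`increaseAllowance` and ERC-721/ERC-1155 `setApprovalForAll` calldata and labels unlimited grants and revocations. The function name, the 2^255 "unlimited" threshold and the sample spender address are assumptions constructed for illustration.

```javascript
// Added example: classify approval-type calldata before it is signed.
const SELECTORS = {
  "095ea7b3": "approve",            // approve(address,uint256)
  "39509351": "increaseAllowance",  // increaseAllowance(address,uint256)
  "a22cb465": "setApprovalForAll",  // setApprovalForAll(address,bool)
};
// Assumption for this example: any amount at or above 2^255 counts as "unlimited".
const UNLIMITED_THRESHOLD = 1n << 255n;

function describeApproval(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const fn = SELECTORS[hex.slice(0, 8)];
  if (!fn) return { kind: "not-an-approval", risk: "none" };
  // Two 32-byte ABI words must follow the 4-byte selector.
  if (!/^[0-9a-f]{136,}$/.test(hex)) return { kind: fn, risk: "malformed" };
  const spender = "0x" + hex.slice(32, 72);        // low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(72, 136)); // word 2: amount or bool
  if (fn === "setApprovalForAll") {
    return value === 0n
      ? { kind: fn, spender, risk: "revocation" }
      : { kind: fn, spender, risk: "high", reason: "operator can move every token in the collection" };
  }
  if (fn === "approve" && value === 0n) return { kind: fn, spender, amount: 0n, risk: "revocation" };
  const unlimited = value >= UNLIMITED_THRESHOLD;
  return { kind: fn, spender, amount: value, unlimited, risk: unlimited ? "high" : "review" };
}

// Constructed sample inputs (the spender address is a placeholder, not a real contract).
const word = (h) => h.padStart(64, "0");
const SPENDER_WORD = word("11".repeat(20));
const SAMPLES = {
  unlimitedApprove: "0x095ea7b3" + SPENDER_WORD + "f".repeat(64),
  revoke:           "0x095ea7b3" + SPENDER_WORD + word("0"),
  approveAll:       "0xa22cb465" + SPENDER_WORD + word("1"),
  plainTransfer:    "0xa9059cbb" + SPENDER_WORD + word("64"),
};
for (const [name, data] of Object.entries(SAMPLES)) console.log(name, describeApproval(data));
```

The same decoder supports revocation hygiene: an `approve` with amount 0 or a `setApprovalForAll` with `false` is reported as a revocation rather than a new grant.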