Subscribe to the Non-Human & AI Identity Journal

Drained-to-Zero Pattern

A drained-to-zero pattern occurs when a wallet’s balance collapses to zero in a short period that does not match normal operating behaviour. It is a strong behavioural indicator of compromise because legitimate exchange activity usually produces staggered movement, not sudden complete depletion.

Expanded Definition

The drained-to-zero pattern describes an abnormal sequence in which a wallet or account balance collapses to zero far faster than expected for its normal operating behaviour. In NHI security, that sudden depletion is less about the final balance and more about the behavioural shape of the event, which can indicate stolen keys, automated exfiltration, or compromise of an agent with transaction authority. It is most useful when read alongside timing, destination changes, signing activity, and prior access patterns rather than as a standalone signal.

Definitions vary across vendors because some teams apply the term only to cryptocurrency wallets, while others use it more broadly for any authenticated value-bearing account that should not be emptied in one burst. For governance purposes, NHI Management Group treats the pattern as a compromise indicator, not proof of theft by itself. A useful external reference point is the NIST Cybersecurity Framework 2.0, especially its emphasis on detecting anomalous activity and responding quickly to suspicious events. The most common misapplication is calling any low balance a drained-to-zero event, which occurs when analysts ignore the speed, transaction sequence, and whether the movement matches approved operations.

Examples and Use Cases

Implementing drained-to-zero detection rigorously often introduces false-positive risk, requiring organisations to weigh rapid compromise detection against the cost of investigating legitimate bulk transfers or routine treasury operations.

  • A wallet used for settlement is emptied within minutes after an unusual login from a new geography, which differs from its normal staggered payout pattern.
  • An AI agent with signing authority drains a hot wallet after a poisoned tool instruction causes it to approve repeated transfers in a short loop.
  • A compromised service account moves all available funds to a new destination immediately after secrets are exposed, similar to the rapid attacker follow-up described in NHIMG’s LLMjacking: How Attackers Hijack AI Using Compromised NHIs research.
  • An internal incident team compares the event against known compromise cases such as the GitHub Personal Account Breach to distinguish human error from automated abuse.
  • Security engineers map the event to guidance in the NIST Cybersecurity Framework 2.0 and tune detection logic around anomalous depletion rather than balance thresholds alone.

In practice, a drained-to-zero signal is strongest when paired with evidence of credential misuse, destination novelty, or transaction bursts that bypass normal approval paths.

Why It Matters in NHI Security

Drained-to-zero events matter because they often reveal that an NHI has moved from access misuse to direct asset loss. When a wallet, token-controlled account, or machine-managed treasury is emptied, the compromise is no longer theoretical: the attacker has already crossed the boundary from reconnaissance into irreversible action. This is especially important in agentic environments where an AI agent, bot, or automated job may hold execution authority and can empty funds faster than human operators can intervene.

NHIMG research shows how quickly exposed credentials can be exploited in the wild. In LLMjacking: How Attackers Hijack AI Using Compromised NHIs, attackers attempted access to exposed AWS credentials in an average of 17 minutes. That speed helps explain why drained-to-zero patterns should be treated as urgent behavioural indicators, not retrospective bookkeeping anomalies. The operational lesson is that control over the identity is already lost before the balance reaches zero. Organisations typically encounter the full significance of the pattern only after funds have been removed or transfer limits have been bypassed, at which point drained-to-zero becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST AI RMF set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-02 Covers abnormal secret or credential-driven misuse that can empty NHI-controlled assets.
OWASP Agentic AI Top 10 A-04 Agentic misuse patterns include autonomous actions that trigger rapid, irreversible transfer events.
NIST CSF 2.0 DE.CM Continuous monitoring of anomalous events supports detection of sudden value depletion.
NIST Zero Trust (SP 800-207) CA-7 Continuous validation of activity is needed when identities can move assets rapidly.
NIST AI RMF MAP 2.2 Risk identification should include malicious or unintended AI-driven actions that cause asset loss.

Alert on unusual depletion and investigate the associated NHI, secrets, and access path immediately.