A drained-to-zero pattern occurs when a wallet’s balance collapses to zero in a short period that does not match normal operating behaviour. It is a strong behavioural indicator of compromise because legitimate exchange activity usually produces staggered movement, not sudden complete depletion.
Expanded Definition
The drained-to-zero pattern describes an abnormal sequence in which a wallet or account balance collapses to zero far faster than expected for its normal operating behaviour. In NHI security, that sudden depletion is less about the final balance and more about the behavioural shape of the event, which can indicate stolen keys, automated exfiltration, or compromise of an agent with transaction authority. It is most useful when read alongside timing, destination changes, signing activity, and prior access patterns rather than as a standalone signal.
Definitions vary across vendors because some teams apply the term only to cryptocurrency wallets, while others use it more broadly for any authenticated value-bearing account that should not be emptied in one burst. For governance purposes, NHI Management Group treats the pattern as a compromise indicator, not proof of theft by itself. A useful external reference point is the NIST Cybersecurity Framework 2.0, especially its emphasis on detecting anomalous activity and responding quickly to suspicious events. The most common misapplication is calling any low balance a drained-to-zero event, which occurs when analysts ignore the speed, transaction sequence, and whether the movement matches approved operations.
Examples and Use Cases
Implementing drained-to-zero detection rigorously often introduces false-positive risk, requiring organisations to weigh rapid compromise detection against the cost of investigating legitimate bulk transfers or routine treasury operations.
- A wallet used for settlement is emptied within minutes after an unusual login from a new geography, which differs from its normal staggered payout pattern.
- An AI agent with signing authority drains a hot wallet after a poisoned tool instruction causes it to approve repeated transfers in a short loop.
- A compromised service account moves all available funds to a new destination immediately after secrets are exposed, similar to the rapid attacker follow-up described in NHIMG’s LLMjacking: How Attackers Hijack AI Using Compromised NHIs research.
- An internal incident team compares the event against known compromise cases such as the GitHub Personal Account Breach to distinguish human error from automated abuse.
- Security engineers map the event to guidance in the NIST Cybersecurity Framework 2.0 and tune detection logic around anomalous depletion rather than balance thresholds alone.
In practice, a drained-to-zero signal is strongest when paired with evidence of credential misuse, destination novelty, or transaction bursts that bypass normal approval paths.
Why It Matters in NHI Security
Drained-to-zero events matter because they often reveal that an NHI has moved from access misuse to direct asset loss. When a wallet, token-controlled account, or machine-managed treasury is emptied, the compromise is no longer theoretical: the attacker has already crossed the boundary from reconnaissance into irreversible action. This is especially important in agentic environments where an AI agent, bot, or automated job may hold execution authority and can empty funds faster than human operators can intervene.
NHIMG research shows how quickly exposed credentials can be exploited in the wild. In LLMjacking: How Attackers Hijack AI Using Compromised NHIs, attackers attempted access to exposed AWS credentials in an average of 17 minutes. That speed helps explain why drained-to-zero patterns should be treated as urgent behavioural indicators, not retrospective bookkeeping anomalies. The operational lesson is that control over the identity is already lost before the balance reaches zero. Organisations typically encounter the full significance of the pattern only after funds have been removed or transfer limits have been bypassed, at which point drained-to-zero becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-02 | Covers abnormal secret or credential-driven misuse that can empty NHI-controlled assets. |
| OWASP Agentic AI Top 10 | A-04 | Agentic misuse patterns include autonomous actions that trigger rapid, irreversible transfer events. |
| NIST CSF 2.0 | DE.CM | Continuous monitoring of anomalous events supports detection of sudden value depletion. |
| NIST Zero Trust (SP 800-207) | CA-7 | Continuous validation of activity is needed when identities can move assets rapidly. |
| NIST AI RMF | MAP 2.2 | Risk identification should include malicious or unintended AI-driven actions that cause asset loss. |
Alert on unusual depletion and investigate the associated NHI, secrets, and access path immediately.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 12, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org