I noticed that a lot of wallet drain scams have happened. They usually use a token or NFT mint, and then transfer all your tokens or NFTs. So I read the source code from some scam mint websites. It would scan your wallet first, and you think you clicked mint for a token, but it calls a transfer or approve function; some don't even have a smart contract.
// No contract call: this sends `amount` ETH straight from the connected wallet to `address`.
web3.eth.sendTransaction({
    from: walletAddress,
    to: address,
    value: web3.utils.toWei(amount, "ether"),
})
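A defensive check for the pattern described above, as an added example that is not part of the original post: before signing, classify the request a "mint" button produces as a plain ETH send, a token transfer, or an approval. `inspectTx`, `argWord` and the sample addresses are hypothetical; the selector table covers the standard ERC-20/ERC-721 calls and goes slightly beyond the post by including `setApprovalForAll`.

```javascript
// Added example. Selectors: first 4 bytes of keccak256 of standard ERC-20/ERC-721 signatures.
const TOKEN_CALLS = {
  "0xa9059cbb": "transfer(address,uint256)",
  "0x095ea7b3": "approve(address,uint256)",
  "0x23b872dd": "transferFrom(address,address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
};
const MAX_UINT256 = (1n << 256n) - 1n;
// Return the n-th 32-byte ABI argument word (hex, no prefix), or null if truncated.
function argWord(data, n) {
  const w = data.slice(10 + n * 64, 10 + (n + 1) * 64);
  return w.length === 64 ? w : null;
}

// inspectTx is a hypothetical helper: tx is the object a page passes to sendTransaction.
function inspectTx(tx) {
  const data = (tx.data || "0x").toLowerCase();
  const value = BigInt(tx.value || 0);
  if (data === "0x") {
    // No calldata means no contract function runs: a "mint" that only moves ETH.
    return value > 0n
      ? { risk: "plain-transfer", detail: `${value} wei to ${tx.to}` }
      : { risk: "none", detail: "no value, no calldata" };
  }
  const selector = data.slice(0, 10);
  const name = TOKEN_CALLS[selector];
  if (!name) return { risk: "other-call", detail: `selector ${selector}` };
  const a0 = argWord(data, 0), a1 = argWord(data, 1);
  if (!a0 || !a1) return { risk: "malformed", detail: `${name}, truncated arguments` };
  const addr = "0x" + a0.slice(24); // an address is the low 20 bytes of its word
  if (selector === "0x095ea7b3") {
    const unlimited = BigInt("0x" + a1) === MAX_UINT256;
    return { risk: unlimited ? "unlimited-approval" : "approval", detail: `spender ${addr}` };
  }
  if (selector === "0xa22cb465") {
    const granted = BigInt("0x" + a1) !== 0n;
    return { risk: granted ? "operator-approval" : "operator-revoke", detail: `operator ${addr}` };
  }
  return { risk: "token-transfer", detail: `${name}, first address ${addr}` };
}

// Constructed sample requests (placeholder addresses, not from any real site).
const ATTACKER = "0x" + "11".repeat(20);
const samples = {
  ethOnly: { to: ATTACKER, value: "1000000000000000000" },
  approveAll: { to: "0x" + "22".repeat(20), data: "0x095ea7b3" + ATTACKER.slice(2).padStart(64, "0") + "f".repeat(64) },
  operator: { to: "0x" + "33".repeat(20), data: "0xa22cb465" + ATTACKER.slice(2).padStart(64, "0") + "1".padStart(64, "0") },
};
for (const [k, tx] of Object.entries(samples)) console.log(k, inspectTx(tx));
```

A genuine mint call falls through to `other-call`, so anything this returns other than that on a mint page is the mismatch the post describes.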