Hold onto your crypto! The notorious Angel Drainer phishing group is back in the headlines, and this time, they’ve upped their game. They’ve reportedly siphoned off a staggering $403,000 from 128 crypto wallets. The shocking part? They used a clever new attack vector involving a malicious ‘Safe’ contract, fooling victims into a false sense of security. Let’s dive into how this happened and what you can do to protect yourself.
Angel Drainer’s Latest Heist: The ‘Safe’ Contract Deception
Imagine thinking your crypto is safe in a vault, only to find out the vault itself was a trap. That’s essentially what Angel Drainer pulled off. This attack, which unfolded on February 12th, leverages the very tools meant to ensure transparency in the crypto world – in this case, Etherscan’s verification system.
Here’s a breakdown of how this sophisticated scam played out:
- Malicious Deployment: At 6:40 am on February 12th, Angel Drainer deployed a malicious Safe (formerly Gnosis Safe) vault contract. Think of Safe contracts as multi-signature wallets, often considered a secure way to manage crypto assets.
- Etherscan ‘Verification’ Trick: Here’s where the deception comes in. Etherscan, a popular blockchain explorer, automatically verifies Safe contracts, marking them as legitimate. Angel Drainer exploited this, using a Safe contract to create a “false sense of security,” according to blockchain security firm Blockaid.
- The ‘Permit2’ Trap: Unsuspecting victims were then lured into signing a “Permit2” transaction on this malicious Safe vault contract. Permit2 is designed to streamline token approvals, making transactions more efficient. However, in this case, it became the key to unlocking victims’ wallets for the attackers.
- Funds Drained: Once victims signed the Permit2 transaction, it granted Angel Drainer the permissions they needed. The result? A total of $403,000 vanished from 128 wallets.
1/ Angel Drainer Deploys Malicious Safe Vault Contract to Steal $400K+ in New Attack Vector
Angel Drainer deployed a malicious Safe vault contract and leveraged Etherscan’s verification tool to cover up the malicious nature of the contract. pic.twitter.com/95jnjnU5as
— Blockaid (@blockaid_) February 13, 2024
Why ‘Safe’ Contracts? The Illusion of Security
You might be wondering, why target Safe contracts? The answer lies in the perceived security associated with them. Safe contracts are generally considered robust and trustworthy. By using a Safe contract, Angel Drainer aimed to exploit this trust, knowing that Etherscan’s verification badge would further reinforce this illusion of safety.
Blockaid clarified that this wasn’t an attack targeting Safe itself, emphasizing that Safe’s user base wasn’t broadly affected. They stated, “This is not an attack on Safe […] rather they decided to use this Safe vault contract because Etherscan automatically adds a verification flag to Safe contracts, which can provide a false sense of security as it’s unrelated to validating whether or not the contract is malicious.”
The security firm has alerted Safe about the incident and is working to mitigate further damage. This highlights a crucial point: verification on Etherscan doesn’t guarantee a contract is benign. It simply confirms that the published source code matches the bytecode that was deployed – not that the code itself is safe.
Who is Angel Drainer? A Rising Threat in the Crypto Space
Angel Drainer might sound new, but they’ve already made a significant, and negative, impact in a short time. Operating for just 12 months, this group has already drained over $25 million from nearly 35,000 wallets, according to Blockaid.
1/ Angel Drainer is a notorious drainer that has stolen $25M+ from 35K+ victims in the past 12 months.
We uncover how Angel Drainer’s phishing kits are more sophisticated than we previously thought, and provide recommendations for users to stay safe. pic.twitter.com/xPjWds15lS
— Blockaid (@blockaid_) February 5, 2024
Their notoriety is built on high-profile attacks, including:
- Ledger Connect Kit Hack: The $484,000 Ledger Connect Kit hack, which impacted many crypto users, is attributed to Angel Drainer.
- Eigenlayer Restake Farming Attack: They also executed a sophisticated restake farming attack on Eigenlayer, using a malicious queueWithdrawal function. This attack highlights their ability to exploit new crypto mechanisms.
Blockaid explained why the restake farming attack was particularly insidious: “Because this is a new kind of approval method, most security providers or internal security tooling does not parse and validate this approval type. So in most cases it’s marked as a benign transaction.” This underscores the challenge for security systems to keep pace with evolving attack vectors.
1/ Angel Drainer implements malicious queueWithdrawal function in Eigenlayer restake farming attack
Angel Drainer implemented a malicious queueWithdrawal function which, once signed by users, would withdraw staking rewards to an address of the attacker’s choosing. pic.twitter.com/h7f9V8YdzO
— Blockaid (@blockaid_) January 30, 2024
The Bigger Picture: Phishing Attacks on the Rise
Angel Drainer’s activities are part of a larger, worrying trend. Scam Sniffer, a Web3 scam tracker, reported that approximately 40,000 users across platforms like OpenSea, Optimism, zkSync, Manta Network, and SatoshiVM fell victim to phishing attacks in January alone. The combined losses? A staggering $55 million.
🚨 In January 2024, 40,000 users lost $55M due to phishing scams.
Among them, 4,700 users on @opensea lost $19.5M, 3,000 users on @optimismFND lost $5.8M, 13,000 users on @zksync lost $12.7M, 14,000 users on @MantaNetwork lost $12.8M, and 5,000 users on @SatoshiVM lost $4.2M.
Full data: https://t.co/LSe309386h pic.twitter.com/4Dw8Cw6aH0
— Scam Sniffer (@realScamSniffer) February 9, 2024
Alarmingly, these figures suggest that 2024 is on track to surpass 2023’s total losses of $295 million from wallet drainers, as highlighted in Scam Sniffer’s 2023 Wallet Drainers Report. This escalating trend underscores the urgent need for heightened vigilance and robust security practices in the crypto space.
Protecting Yourself: Staying One Step Ahead of Phishers
So, what can you do to avoid becoming a victim of sophisticated phishing attacks like Angel Drainer’s? Here are some actionable steps:
- Don’t Rely Solely on Verification Badges: Etherscan verification is helpful, but it’s not a foolproof security indicator. Always scrutinize contract interactions, even if they appear verified.
- Be Wary of ‘Permit2’ Requests: Understand what you’re approving. If a transaction seems unusual or out of the blue, investigate further before signing.
- Double-Check Contract Addresses: Phishers often use addresses that look very similar to legitimate ones. Always verify the full contract address before interacting.
- Use Hardware Wallets: Hardware wallets provide an extra layer of security by keeping your private keys offline.
- Stay Informed: Keep up-to-date with the latest phishing tactics and security best practices. Follow reputable security firms and crypto news sources.
- Security Tools: Consider using browser extensions and security tools that can help detect and block malicious transactions.
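One way to act on the Permit2 and address-checking advice above, as an added example that is not code from the original article or from Blockaid: a review function that decodes a Permit2 typed-data signing request and reports who receives spending rights, over which tokens, for how much and for how long. It assumes the request follows Uniswap Permit2's published EIP-712 field names; `reviewPermit2`, the spender allowlist, the one-day lifetime policy and the sample request are hypothetical.

```javascript
// Added example (not the article's code): review a Permit2 typed-data request.
// Field names follow Uniswap Permit2; allowlist, policy and sample are assumptions.
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3";
const MAX_UINT160 = (1n << 160n) - 1n;
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_LIFETIME_SECONDS = 24 * 60 * 60; // assumed policy: one day at most
function reviewPermit2(request, trustedSpenders, nowSeconds) {
  const findings = [];
  const { domain = {}, primaryType = "", message = {} } = request;
  if (!/^Permit(Single|Batch|TransferFrom|BatchTransferFrom)$/.test(primaryType)) {
    return { isPermit2: false, findings };
  }
  if (String(domain.verifyingContract).toLowerCase() !== PERMIT2) {
    findings.push("verifyingContract is not the canonical Permit2 address");
  }
  const spender = String(message.spender).toLowerCase();
  const trusted = trustedSpenders.map((a) => a.toLowerCase());
  if (!trusted.includes(spender)) {
    findings.push(`spender ${spender} is not on the allowlist`);
    // Lookalike check: same first and last four hex digits as a trusted address.
    const edges = (a) => a.slice(2, 6) + a.slice(-4);
    if (trusted.some((t) => edges(t) === edges(spender))) {
      findings.push("spender resembles an allowlisted address but differs");
    }
  }
  // Allowance permits carry `details`; signature transfers carry `permitted`.
  const grants = [].concat(message.details ?? message.permitted ?? []);
  for (const g of grants) {
    const amount = BigInt(g.amount ?? 0);
    if (amount === MAX_UINT160 || amount === MAX_UINT256) {
      findings.push(`unlimited amount for token ${g.token}`);
    }
    if (Number(g.expiration ?? 0) - nowSeconds > MAX_LIFETIME_SECONDS) {
      findings.push(`long-lived approval for token ${g.token}`);
    }
  }
  return { isPermit2: true, spender, tokens: grants.map((g) => g.token), findings };
}
// Constructed sample request with placeholder addresses (not incident data).
const sampleRequest = {
  domain: { name: "Permit2", chainId: 1, verifyingContract: PERMIT2 },
  primaryType: "PermitSingle",
  message: {
    details: { token: "0x" + "11".repeat(20), amount: MAX_UINT160.toString(), expiration: "1893456000", nonce: "0" },
    spender: "0x" + "ab".repeat(20),
    sigDeadline: "1707800000",
  },
};
console.log(reviewPermit2(sampleRequest, [], 1707700000).findings);
```

An empty `findings` list only means none of these specific checks fired; the decoded spender and token list should still match what the site claims the signature is for.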
In Conclusion: Vigilance is Key in the Crypto World
Angel Drainer’s latest attack serves as a stark reminder that the threat of phishing in crypto is constantly evolving. Attackers are becoming more sophisticated, exploiting trust and even using tools designed for security against us. Staying vigilant, questioning everything, and implementing robust security practices are no longer optional – they are essential for safeguarding your crypto assets in this increasingly complex landscape. Don’t let yourself be the next victim. Stay safe out there!
Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.