Notorious phishing group, Angel Drainer, has reportedly stolen over $400,000 from victim’s 128 crypto wallets through a new attack vector, using a malicious Safe Contract.
The attack leveraged Etherscan’s verification tool to cover up the malicious nature of a smart contract.
The attack started at 6:40 am Feb. 12 when Angel Drainer deployed a malicious Safe (formerly Gnosis Safe) vault contract, wrote blockchain security firm Blockaid in a Feb. 13 post to X.
Today our researchers discovered yet another emerging attack vector from the Angel Drainer group — this time phishing users and leading them to a single Safe Vault contract where 128 wallets have been drained of $403k+ so far. All Blockaid-protected users are safe. 🧵 pic.twitter.com/niffQDlciG
— Blockaid (@blockaid_) February 13, 2024
A total of 128 wallets then signed a “Permit2” transaction on the Safe vault contract, leading to $403,000 in funds being stolen.
Blockaid said the scammers used a Safe vault contract specifically to deliver a “false sense of security,” as Etherscan automatically adds a verification flag to confirm it as a legitimate contract.
Blockaid stressed the incident wasn’t a direct attack on Safe and that its user base had not been “broadly impacted.” The security firm added it had notified Safe of the attack and was working to limit further damage.
See Also: Crypto Gaming Platform PlayDapp Lost $290 Million Worth Of PLA Tokens In Two Hack Exploits
“This is not an attack on Safe […] rather they decided to use this Safe vault contract because Etherscan automatically adds a verification flag to Safe contracts, which can provide a false sense of security as it’s unrelated to validating whether or not the contract is malicious.”
Angel Drainer has only been in operation for 12 months but has managed to drain over $25 million from nearly 35,000 wallets, Blockaid stated in a Feb. 5 post X.
Today, the Angel Drainer Group celebrated one year in operation.
They've drained over $25M from nearly 35k wallets and are behind high profile drains like last year's Ledger Connect Kit and last week's Restake Farming attack.
We seek to protect every web3 user and put them out… pic.twitter.com/U1Sg6sajd6
— Blockaid (@blockaid_) February 5, 2024
The $484,000 Ledger Connect Kit hack and the Eigenlayer restake farming attack are among the most notable attacks committed by Angel Drainer in recent months.
The restake farming attack involved Angel Drainer implementing a malicious queueWithdrawal function which, once signed by users, would withdraw staking rewards to an address of the attacker’s choosing, Blockaid explained.
“Because this is a new kind of approval method, most security providers or internal security tooling does not parse and validate this approval type. So in most cases it’s marked as a benign transaction.”
(4/6)How does the attack work?
Central to the attack, a user signing a 'queueWithdrawal' transaction effectively approves a malicious 'withdrawer' to withdraw the wallet’s staking rewards from the EigenLayer protocol to an address of the attacker’s choosing. Unlike the regular…
— Blockaid (@blockaid_) February 1, 2024
Approximately 40,000 users on OpenSea, Optimism, zkSync, Manta Network, and SatoshiVM fell victim to phishing attacks in January, losing a combined $55 million, according to Scam Sniffer, a Web3 scam tracker.
🚨 ScamSniffer's January Phishing Report 🚨
🧵 1/6
in January, over $55M was stolen in phishing scams across EVM chains. Top 7 victims lost $17M! pic.twitter.com/Fq0tulYkVB
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) February 9, 2024
The figure is on track to surpass 2023’s figure of $295 million, according to Scam Sniffer’s 2023 Wallet Drainers Report.
#Binance #WRITE2EARN
