The notorious phishing group Angel Drainer has once again stirred a wave of concern and financial losses among #cryptocurrency users. This time, they opted for a sophisticated attack utilizing the Smart Contract Safe vault, which once served as a symbol of security and trust. However, it's precisely this trust that was exploited to steal over $400,000 from 128 wallets.
Betrayal of Trust: Identity Concealment
In precise synchronization with the attack, which commenced on February 12th at 6:40 AM, the Angel Drainer group deployed a smart contract disguised as secure and legitimate. This maneuver aimed to ensure that transactions appeared as routine and safe operations. The result was the signing of 128 wallets within the "Permit2" transaction, ultimately enabling the thieves to pilfer a substantial sum of money.
Manipulation of Verification Tools
A key element of this attack was the utilization of the Etherscan verification tool, which automatically added a verification badge to Safe vault contracts. This badge created a false sense of security, exposing users to greater risks.
Response and Protection
Information about the attack was promptly relayed to Safe, although the incident wasn't a direct assault on their platform. The security firm Blockaid, which provided insights into the attack, is actively working to minimize damages and enhance user protection.
Angel Drainer isn't an unfamiliar group. Within its relatively short period of existence, just 12 months, it managed to pilfer a significant amount of funds from nearly 35,000 wallets. Their previous attacks, including a $484,000 hack on Ledger Connect Kit and a farming attack on EigenLayer, underscore their considerable malevolence and the dangers they pose to the cryptocurrency ecosystem.
Widespread Threat
This attack isn't an isolated incident. Cryptocurrency users are increasingly becoming targets of phishing attacks. Platforms such as OpenSea, Optimism, zkSync, Manta Network, and SatoshiVM are at risk, with users collectively losing over $55 million in January alone, according to estimates from the Web3 scam tracker.
The Scam Sniffer's 2023 Wallet Drainers Report highlights an alarming trend. If the current surge in phishing attacks isn't halted, losses in 2024 could surpass the $295 million recorded in 2023. It's time for the cryptocurrency community and security experts to collaborate on user protection and prevention of further financial losses.
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“