Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Angel Drainer Strikes Again: $400,000 Stolen from 128 Crypto Wallets with New Attack Vector

Angel Drainer Strikes Again: $400,000 Stolen from 128 Crypto Wallets with New Attack Vector

CryptopotatoCryptopotato2024/02/18 18:10
By:Chayanika DekaMore posts by this author

In just one year of operation, Angel Drainer has drained over $25 million from nearly 35,000 wallets.

The Angel Drainer phishing group reportedly pilfered over $400,000 from 128 crypto wallets using a new tactic. A recent analysis suggests that the notorious entity exploited Etherscan’s verification tool to mask the malicious nature of a smart contract.

Blockaid, a popular blockchain security company, disclosed on X (formerly Twitter) that the attack kicked off at 6:40 am on February 12, 2024.

Angel Drainer Targets Safe Vault Contract

Angel Drainer deployed a malicious Safe vault contract, leading users to inadvertently authorize a ‘Permit2’ transaction on the compromised contract, resulting in the theft of $403,000.

Specifically targeting a Safe vault contract, Angel Drainer aimed to lull users into a false sense of security, a typical ploy in crypto phishing schemes, as Etherscan automatically validates Safe contracts.

Blockaid highlighted that the assault was not a direct strike on Safe, affirming minimal impact on its user base. The security firm promptly notified Safe of the attack and was actively engaged in mitigating any potential further damage.

“This is not an attack on Safe, and Safe users are not broadly impacted – rather they decided to use this Safe vault contract because Etherscan automatically adds a verification flag to Safe contracts, which can provide a false sense of security as it’s unrelated to validating whether or not the contract is malicious.”

Wallet Drainers on the Prowl

Wallet drainers, in general, execute their schemes by installing malicious software on fraudulent websites to trick users into approving detrimental transactions, resulting in the unauthorized withdrawal of assets from their cryptocurrency wallets.

Scam Sniffer, a prominent Web3 anti-scam platform, noted instances of wallet drainers pilfering over $295 million in assets from around 324,000 individuals in the past year.

Despite the shutdown of similar groups like Inferno Drainer, Angel Drainer’s existence exposes a troubling trend that has been successfully stolen. Data suggest that this group has stolen over $25 million from almost 35,000 wallets in just a year since its inception.

You Might Also Like:

  • Victim Loses $4.2 Million to Yet Another Phishing Attack: Report
  • 80% of Comments on Major Project Tweets Revealed as Phishing Scams: SlowMist
  • Trezor Users Beware: Third-Party Email Provider Compromised in Malicious Attack
0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!