Crypto Phishing Group Angel Drainer Reportedly Steals $400,000 From 128 Wallets
Crypto Phishing Community Angel Drainer Reportedly Steals $400,000 From 128 Wallets
Crypto phishing neighborhood Angel Drainer stole over $400,000 from 128 crypto wallets after deploying a malicious vault contract the day earlier than this day.
Per an X post printed on February 13 by blockchain security firm Blockaid, Angel Drainer employed a brand original attack vector that exploited Etherscan’s verification instrument to conceal the malicious characteristics of a smooth contract.
Angel Drainer Goes Crypto Phishing
The attack took place at 6:40 am on February 12 when Angel Drainer deployed a malicious Safe vault contract, Blockaid mentioned.
At 6:41am UTC on Monday, February 12th, Angel Drainer neighborhood deployed a Safe vault contract— 0xbaee148df4bf81abf9854c9087f0d3a0ffd93dbb— which they contain got since frail to phish and rip-off customers, prompting them to trace a Permit2 with this Safe Vault as the operator. pic.twitter.com/8ydY9nQO2R
— Blockaid (@blockaid_) February 13, 2024
Following the deployment, customers unknowingly licensed a ‘Permit2’ transaction on the compromised contract, culminating in the theft of $403,000.
The blockchain security firm famed that Angel Drainer specifically selected to use a Safe vault contract to instill an false sense of security amongst customers—a popular tactic in crypto phishing schemes—as Etherscan automatically provides a verification flag to Safe contracts.
Blockaid emphasised that the attack used to be no longer an quick assault on Safe, clarifying that its user spoiled had no longer experienced popular penalties. The safety firm additionally mentioned that it had instructed Safe concerning the attack and used to be working to mitigate any possible extra hurt.
“Here is no longer an attack on Safe […] moderately they made up our minds to use this Safe vault contract on myth of Etherscan automatically provides a verification flag to Safe contracts, which is willing to provide a false sense of security as it’s unrelated to validating whether or no longer or no longer the contract is malicious,” Blockaid mentioned.
Angel Drainer’s Tune File
In precisely one year of operation, Angel Drainer has managed to siphon off bigger than $25 million from nearly about 35,000 wallets in that short interval, in accordance with a February 5 post by Blockaid.
Moreover, the neighborhood accomplished a form of main breaches, including the 2023 Ledger Join Equipment hack and the most trendy EigenLayer restake farming attack.
The restake farming attack performed by Angel Drainer concerned the utilization of a malicious “queueWithdrawal” operate. As soon as customers trace, this operate would withdraw staking rewards to an address chosen by the attackers, the protection firm explained.
Source : cryptonews.com