Connect with us

Hi, what are you looking for?

Editor's Pick

Crypto Phishing Group Angel Drainer Reportedly Steals $400,000 From 128 Wallets

Phishing group Angel Drainer stole over $400,000 from 128 crypto wallets after deploying a malicious vault contract yesterday.

According to an X post published on February 13 by blockchain security firm Blockaid, Angel Drainer employed a new attack vector that exploited Etherscan’s verification tool to conceal the malicious characteristics of a smart contract.

Angel Drainer Goes Crypto Phishing

The attack occurred at 6:40 am on February 12 when Angel Drainer deployed a malicious Safe vault contract, Blockaid said.

At 6:41am UTC on Monday, February 12th, Angel Drainer group deployed a Safe vault contract— 0xbaee148df4bf81abf9854c9087f0d3a0ffd93dbb— which they have since used to phish and scam users, prompting them to sign a Permit2 with this Safe Vault as the operator. pic.twitter.com/8ydY9nQO2R

— Blockaid (@blockaid_) February 13, 2024

Following the deployment, users unknowingly authorized a ‘Permit2’ transaction on the compromised contract, culminating in the theft of $403,000.

The blockchain security firm noted that Angel Drainer specifically chose to use a Safe vault contract to instill an unfounded sense of security among usersa common tactic in crypto phishing schemesas Etherscan automatically adds a verification flag to Safe contracts.

Blockaid emphasized that the attack was not a direct assault on Safe, clarifying that its user base had not experienced widespread consequences. The security firm also said that it had informed Safe about the attack and was working to mitigate any potential additional damage.

“This is not an attack on Safe […] rather they decided to use this Safe vault contract because Etherscan automatically adds a verification flag to Safe contracts, which can provide a false sense of security as it’s unrelated to validating whether or not the contract is malicious,” Blockaid said.

Angel Drainer’s Track Record

In just 12 months of operation, Angel Drainer has managed to siphon off more than $25 million from nearly 35,000 wallets in that short period, according to a February 5 post by Blockaid.

Additionally, the group executed other major breaches, including the 2023 Ledger Connect Kit hack and the recent EigenLayer restake farming attack.

The restake farming attack conducted by Angel Drainer involved the usage of a malicious queueWithdrawal function. Once users sign, this function would withdraw staking rewards to an address chosen by the attackers, the security firm explained.

The post Crypto Phishing Group Angel Drainer Reportedly Steals $400,000 From 128 Wallets appeared first on Cryptonews.

You May Also Like

Editor's Pick

As decentralized naming systems gain traction, Ethereum Name Service has seen ENS price double, leaving some FOMO investors asking is it too late to...

Economy

How can Forex crash? Forex market crash history Fact that the Forex is one of the most volatile and most profitable markets in the...

Editor's Pick

Colorado-based pastor Eligio “Eli” Regalado and his wife, Kaitlyn, are facing legal action after allegedly defrauding investors of millions of dollars through the sale...

Stock

Enthusiasm is needed to drive an uptrend, but sometimes enthusiasm can go too far. That is why technical analysts like to use various sentiment...

Disclaimer: happyretirementstories.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.


Copyright © 2024 happyretirementstories.com