Angel Drainer Stole $403K Victim Using Malicious Safe Contract

Notorious phishing group, Angel Drainer, has reportedly stolen over $400,000 from victim’s 128 crypto wallets through a new attack vector, using a malicious Safe Contract.

The attack leveraged Etherscan’s verification tool to cover up the malicious nature of a smart contract.

The attack started at 6:40 am Feb. 12 when Angel Drainer deployed a malicious Safe (formerly Gnosis Safe) vault contract, wrote blockchain security firm Blockaid in a Feb. 13 post to X.

A total of 128 wallets then signed a “Permit2” transaction on the Safe vault contract, leading to $403,000 in funds being stolen.

Blockaid said the scammers used a Safe vault contract specifically to deliver a “false sense of security,” as Etherscan automatically adds a verification flag to confirm it as a legitimate contract.

Blockaid stressed the incident wasn’t a direct attack on Safe and that its user base had not been “broadly impacted.” The security firm added it had notified Safe of the attack and was working to limit further damage.

See Also: Crypto Gaming Platform PlayDapp Lost $290 Million Worth Of PLA Tokens In Two Hack Exploits

“This is not an attack on Safe […] rather they decided to use this Safe vault contract because Etherscan automatically adds a verification flag to Safe contracts, which can provide a false sense of security as it’s unrelated to validating whether or not the contract is malicious.”

Angel Drainer has only been in operation for 12 months but has managed to drain over $25 million from nearly 35,000 wallets, Blockaid stated in a Feb. 5 post X.

The $484,000 Ledger Connect Kit hack and the Eigenlayer restake farming attack are among the most notable attacks committed by Angel Drainer in recent months.

The restake farming attack involved Angel Drainer implementing a malicious queueWithdrawal function which, once signed by users, would withdraw staking rewards to an address of the attacker’s choosing, Blockaid explained.

“Because this is a new kind of approval method, most security providers or internal security tooling does not parse and validate this approval type. So in most cases it’s marked as a benign transaction.”

Approximately 40,000 users on OpenSea, Optimism, zkSync, Manta Network, and SatoshiVM fell victim to phishing attacks in January, losing a combined $55 million, according to Scam Sniffer, a Web3 scam tracker.

The figure is on track to surpass 2023’s figure of $295 million, according to Scam Sniffer’s 2023 Wallet Drainers Report.

#Binance #WRITE2EARN

Source: https://bitcoinworld.co.in/angel-drainer-stole-403k-from-victim-using-malicious-safe-contract/