Angel Drainer Cyber Gang Hacks $400K from Crypto Wallets Using New Attack Method
Summary:
The notorious cyber scam group, Angel Drainer, is reported to have stolen over $400,000 from 128 cryptocurrency wallets using a new attack method. The group exploited the Etherscan verification tool to mask a malicious smart contract. Blockchain security company Blockaid stated that the attack was not directly targeted at Safe, but its user network was impacted. Despite only being operational for a year, Angel Drainer has already drained more than $25 million from nearly 35,000 wallets. Recent attacks also include a nearly half-million-dollar Ledger Connect Kit heist and an Eigenlayer restake farming assault.
The infamous cyber scam gang Angel Drainer has reportedly siphoned off more than $400,000 from 128 cryptocurrency wallets using a novel attack method. The scheme exploited Etherscan's verification tool to camouflage a malicious smart contract. According to a write-up by blockchain security company Blockaid on February 13, the attack began on February 12 at 6:40 am, when the cybercriminals deployed a malicious Safe vault contract (Safe was previously known as Gnosis Safe). Subsequently, 128 wallets were manipulated into signing a "Permit2" transaction on this Safe vault contract, which resulted in a total loss of $403,000.
Blockaid said the fraudsters used the Safe vault contract mainly to create an illusion of safety, because Etherscan automatically sets a verification flag that presents it as a genuine contract. It stressed that the incident was not a direct attack on Safe and that Safe's user base had not been broadly affected. The security company also said it had informed Safe about the attack and was working to prevent further losses.
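As an added illustration (not part of the original article or Blockaid's write-up), the sketch below shows a wallet-side check for the situation described above, assuming the Permit2 request arrives as EIP-712 typed data: the spender is judged against an allowlist, and an explorer "verified" flag is never treated as a trust signal. The function name, the `ctx` fields (`trustedSpenders`, `explorerVerified`, `nowSeconds`), the 30-day threshold and the sample request are hypothetical; the Permit2 address and message shapes are those of the public Permit2 contract.

```javascript
// Added example (not from the article): review an eth_signTypedData_v4 payload
// before signing. ctx.trustedSpenders, ctx.explorerVerified, ctx.nowSeconds are assumed inputs.
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"; // canonical Permit2 address
const PERMIT2_TYPES = new Set([
  "PermitSingle", "PermitBatch", "PermitTransferFrom", "PermitBatchTransferFrom",
]);
const MAX_UINT160 = (1n << 160n) - 1n; // largest amount a Permit2 allowance can hold
const MAX_LIFETIME_S = 30 * 24 * 3600; // assumed policy: flag allowances over 30 days

function reviewSigningRequest(typedData, ctx) {
  const domain = typedData.domain || {};
  const msg = typedData.message || {};
  const isPermit2 = PERMIT2_TYPES.has(typedData.primaryType) &&
    String(domain.verifyingContract).toLowerCase() === PERMIT2;
  if (!isPermit2) return { isPermit2, block: false, findings: [] };

  const findings = [];
  const spender = String(msg.spender).toLowerCase();
  const trusted = ctx.trustedSpenders.has(spender);
  if (!trusted) findings.push("spender-not-allowlisted");
  // An explorer "verified" flag is not a trust signal for the spender.
  if (!trusted && ctx.explorerVerified) findings.push("verified-badge-ignored");

  // PermitSingle/Batch carry `details`; the transfer variants carry `permitted`.
  for (const grant of [].concat(msg.details || msg.permitted || [])) {
    if (BigInt(grant.amount ?? 0) >= MAX_UINT160) findings.push("unlimited:" + grant.token);
    if (grant.expiration !== undefined &&
        Number(grant.expiration) - ctx.nowSeconds > MAX_LIFETIME_S) {
      findings.push("long-lived:" + grant.token);
    }
  }
  return { isPermit2, spender, block: !trusted, findings };
}

// Constructed sample request: addresses and values are made up for illustration.
const SAMPLE_REQUEST = {
  primaryType: "PermitSingle",
  domain: { name: "Permit2", chainId: 1, verifyingContract: PERMIT2 },
  message: {
    details: { token: "0x" + "aa".repeat(20), amount: MAX_UINT160.toString(),
               expiration: "1739000000", nonce: "0" },
    spender: "0x" + "bb".repeat(20),
    sigDeadline: "1707730000",
  },
};
```

The decision to block depends only on the allowlist, so a spender that merely looks legitimate on a block explorer is still refused.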
Despite being operational for only a year, Angel Drainer has successfully drained over $25 million from nearly 35,000 wallets, as stated by Blockaid in a post on February 5. Some of the most significant attacks by Angel Drainer in recent times include the $484,000 Ledger Connect Kit heist and the Eigenlayer restake farming assault. The farming attack saw the perpetrators introduce a harmful queueWithdrawal function that, once approved by users, would extract staking rewards to an attacker-chosen address.
Scam Sniffer, a Web3 scam tracker, revealed that approximately 40,000 users on platforms including OpenSea, Optimism, zkSync, Manta Network, and SatoshiVM fell prey to phishing attacks in January, resulting in a total loss of $55 million. At that rate, losses in 2024 are likely to exceed 2023’s total of $295 million, as per Scam Sniffer’s report for 2023.
Published At
2/14/2024 7:50:07 AM