Cybercriminals use Etherscan verification to hide their harmful smart contracts. This incident demonstrates how crypto-phishing gangs are always adapting their methods.
The infamous phishing ring Angel Drainer recently compromised 128 cryptocurrency wallets and stole more than $400,000. The gang used a novel strategy, deploying a malicious SafeVault contract that hid its evil nature using Etherscan’s verification tool. Security company Blockaid, which specializes in blockchain technology, has provided insight into the matter, explaining the attack’s complexities and their consequences.
The attack by Angel Drainer began with the deployment of a malicious Safe Vault contract. The fast capture of 128 people who had signed a “Permit2” transaction without realizing it resulted in the theft of $403,000.
In a post on X on February 13th, Blockaid explained the attack’s tactics, drawing attention to how the fake contract was made to seem legitimate by using Etherscan’s verification tool.
Using Etherscan’s verification tool was the clever part of Angel Drainer’s scheme. The organization was able to conceal its harmful intentions behind the Safe Vault contract by using this feature to give victims a false feeling of security.
The phishing attempt was successful because Etherscan automatically added a verification mark to valid contracts, which increased the attack’s effect.
According to Blockaid, the target of the attack was not people using Safe specifically. Because of Etherscan’s verification flag functionality, which might trick users into thinking the Safe Vault contract is legitimate, Angel Drainer decided to utilize a different contract instead.
There has been no impact on Safe’s user base, despite the high-tech assault and the large amount stolen. Blockaid has quickly alerted Safe of the vulnerability and is working together to limit any harm.
Also Read: Ethereum Enthusiasts Discuss ERC-404 Token Standard Spark Volatiles February 14, 2024
Wallets