The notorious phishing group known as Angel Drainer has reportedly executed another large-scale attack, resulting in the theft of over $400,000 from 128 crypto wallets. The attack utilized a new tactic that exploited Etherscan’s verification tool to mask the malicious nature of a smart contract.
According to a February 13 post from blockchain security firm Blockaid, the attack commenced at 6:40 am on February 12, when Angel Drainer deployed a malicious Safe (formerly Gnosis Safe) vault contract. Subsequently, 128 wallets were coerced into signing a “Permit2” transaction on the Safe vault contract, resulting in the theft of $403,000 in funds.
Blockaid emphasized that the scammers deliberately used a Safe vault contract to create a false sense of security. Etherscan automatically adds a verification flag to such contracts, leading users to believe they are legitimate. This tactic aimed to deceive users and facilitate the theft of funds.
Blockaid clarified that the incident was not a direct attack on Safe and that its user base had not been broadly affected. The security firm promptly notified Safe of the attack and is actively working to mitigate further damage.
Despite being operational for only 12 months, Angel Drainer has already siphoned over $25 million from nearly 35,000 wallets, as stated in Blockaid’s February 5 post. Notable previous attacks include the $484,000 Ledger Connect Kit hack and the EigenLayer restake farming attack.
The crypto community continues to face phishing threats, with approximately 40,000 users falling victim to phishing attacks in January alone, according to Scam Sniffer. These attacks occurred across various platforms, resulting in a combined loss of $55 million.
Scam Sniffer’s 2023 Wallet Drainers Report indicates a worrying trend of increasing losses due to phishing attacks, with the total figure on track to surpass $295 million from the previous year. Such incidents underscore the importance of remaining vigilant and implementing robust security measures in the crypto space.
Get $200 Free Bitcoins every hour! No Deposit No Credit Card required. Sign Up