A notorious phishing group, Angel Drainer, has pulled off yet another heist, this time targeting unsuspecting users with a malicious Safe vault contract. Through a cunning exploitation of Etherscan's verification tool, the group managed to abscond with over $400,000 from 128 crypto wallets.
The Deceptive Scheme
The attack unfolded on February 12, at dawn, as Angel Drainer unleashed a nefarious Safe vault contract. This contract, disguised with Etherscan's verification flag, lured 128 wallets into signing a "Permit2" transaction, resulting in the theft of $403,000 worth of funds.
False Sense of Security
Blockaid, a blockchain security firm, emphasized that the scammers exploited Etherscan's verification tool to create a false illusion of legitimacy. Despite the attack not directly targeting Safe, the use of its vault contract added a layer of deception, leading victims to believe they were interacting with a secure platform.
A History of Exploits
Angel Drainer, operational for just a year, has already orchestrated multiple high-profile attacks, raking in over $25 million from nearly 35,000 wallets. From the Ledger Connect Kit hack to the Eigenlayer restake farming attack, the group's track record is marred with sophisticated cybercrimes.
Escalating Threats
Phishing attacks in the crypto space are on the rise, with approximately 40,000 users falling victim to scams in January alone, resulting in a staggering loss of $55 million. Scam Sniffer's data suggests that these incidents are outpacing previous years, posing significant challenges to security measures.
Combatting the Threat
While security providers work tirelessly to combat such threats, the evolving nature of cybercrime demands increased vigilance from users and platforms alike. Education, awareness, and robust security protocols are crucial in mitigating the risks posed by malicious actors in the crypto sphere.