The post Angel Drainer Targets Users With Malicious Smart Contract appeared on BitcoinEthereumNews.com.

Notorious phishing group Angel Drainer has managed to siphon over $400,000 from over 128 crypto wallets by deploying a malicious Safe vault contract.  This latest attack vector exploited Etherscan’s verification tool, using it to hide the malicious nature of the contract.  Phishing Group Angel Drainer Targets Users  The attack was highlighted by blockchain security firm Blockaid, which shed light on the attack and revealed its nature and ramifications. The attack began on the 12th of February when Angel Drainer deployed a malicious Safe (formerly Gnosis Safe) vault contract. This allowed it to target 128 unsuspecting users who had signed a Permit2 transaction. This led to a total of $403,000 being stolen from these users.  “Today, our researchers discovered yet another emerging attack vector from the Angel Drainer group — this time phishing users and leading them to a single Safe Vault contract where 128 wallets have been drained of $403k+ so far. All Blockaid-protected users are safe.” Attack Used Etherscan’s Verification Tool  Blockaid revealed that Angel Drainer used Etherscan’s verification tool to lend an air of legitimacy to the contract and give the victims a false sense of security. This helped them mask the malicious intent of the contract and present it as a legitimate contract. This was the main reason why the attack was so successful. However, Blockaid stated that this was not a direct attack on Safe, and its user base had not been broadly impacted. It added that Safe had already been notified about the developments and was working to mitigate any further fallout from the incident.  “This is not an attack on Safe […]. Rather, they decided to use this Safe vault contract because Etherscan automatically adds a verification flag to Safe contracts, which can provide a false sense of security as it’s unrelated to validating…

---

Filed under: News - @ February 15, 2024 8:24 pm