New Tactic Unveiled
A phishing group known as Angel Drainer has successfully pilfered more than $400,000 from 128 crypto wallets, employing a fresh modus operandi. The cybercriminals leveraged the Etherscan blockchain explorer to camouflage the malicious nature of their smart contract.
The Attack Unfolds
According to blockchain security firm Blockaid, the assault commenced on the morning of February 12, 2024. Angel Drainer deployed a malicious Safe storage contract, leading users to unwittingly authorize transactions via the compromised Permit2 contract, resulting in the $403,000 theft.
False Sense of Security
Angel Drainer chose the Safe storage contract because Etherscan automatically verifies Safe contracts. The choice was an attempt to instill a false sense of security among users, a common ploy in crypto phishing schemes.
Immediate Response
Blockaid emphasized that the primary target was not Safe storage itself but its user base. Security experts promptly notified Safe of the attack and provided assistance in mitigating further damage.
Modus Operandi
Typically, perpetrators execute their schemes by installing malware on fraudulent websites to deceitfully prompt users to approve unwanted transactions, leading to unauthorized asset withdrawals from their crypto wallets.
Escalating Threat
According to Web3 Scam Sniffer, a fraud-fighting platform, the Angel Drainer group has stolen over $25 million from nearly 35,000 wallets since its inception a year ago, highlighting the escalating threat posed by such cybercriminal activities.