TL;DR
- Angel Drainer steals over $400,000 from 128 wallets with malicious vault contract.
- The phishing group displays alarming sophistication, siphoning off more than $25 million in just 12 months.
- The attack highlights the need for constant surveillance and security measures in the cryptocurrency space.
The phishing group known as Angel Drainer is back with a sophisticated new attack.
This time, they have managed to steal over $400,000 from 128 cryptocurrency wallets using a cunning attack vector that leverages a smart contract verification tool.
The attack, which began on February 12 at 6:40 am, involved the deployment of a malicious vault contract called Safe, formerly known as Gnosis Safe.
Today our researchers discovered yet another emerging attack vector from the Angel Drainer group — this time phishing users and leading them to a single Safe Vault contract where 128 wallets have been drained of $403k+ so far. All Blockaid-protected users are safe. 🧵 pic.twitter.com/niffQDlciG
— Blockaid (@blockaid_) February 13, 2024
What is alarming about this attack is that the perpetrators used the Etherscan verification tool to provide a false sense of security to their victims.
This is because Etherscan automatically adds a verification flag to contracts, which can lead people to mistakenly believe they are legitimate.
The Safe Vault contract was used as a tool to trick people into believing their funds were safe.
However, once 128 wallets signed a “Permit2” transaction on the contract, the funds were quickly drained, resulting in the loss of $403,000 in total.
Despite this attack, it has been highlighted that Angel Drainer has not directly attacked Safe
Instead, it has taken advantage of its structure to carry out its malicious activities.
Additionally, it has been reported that Safe’s user base has not been widely impacted by this incident.
However, Angel Drainer has been operating for only 12 months and has already managed to steal more than $25 million from almost 35,000 wallets.
This indicates the sophistication and scale of this phishing group’s operations.
The most notable attacks carried out by Angel Drainer include the $484,000 Ledger Connect Kit hack and the EigenLayer restore farming attack.
The latter involved the implementation of a malicious withdrawal feature that allowed attackers to direct staking rewards to their own addresses.
This recent attack is just one more example of the constant danger to which blockchain users who lack cybersecurity training are exposed.
It is essential to always be alert and take measures to protect yourself against potential threats, such as using reliable security tools and carefully verifying the legitimacy of contracts and transactions.
