The Angel Drainer phishing group reportedly stole over $400,000 from 128 cryptocurrency wallets using new tactics. Recent analysis suggests that this notorious organization was misusing his Etherscan verification tools to mask the malicious nature of his smart contracts.
Blockaid, a popular blockchain security company, revealed on X (formerly Twitter) that the attack was launched on February 12, 2024 at 6:40am.
Angel Draenor aims for the vault contract.
Angel Drainer deployed a malicious Safe vault contract that tricked users into falsely approving “Permit2” transactions based on the compromised contract, resulting in the theft of $403,000.
Angel Drainer specifically targeted Safe vault contracts and intended to lull users into a false sense of security as Etherscan automatically validates Safe contracts. This is a classic cryptocurrency phishing scam.
blockade highlighted It said the attack was not a direct attack on Safe and confirmed that the impact on its user base was minimal. The security company immediately notified Safe of the attack and worked proactively to mitigate the possibility of further damage.
“This is not an attack against Safe, and Safe users will not be broadly impacted. Rather, we chose to use this Safe vault contract because Etherscan automatically adds a validation flag to the Safe contract. can give a false sense of security because it has nothing to do with verifying whether the contract is malicious or not. ”
Wandering wallet ejector
Typically, wallet drainers carry out their schemes by installing malicious software on fraudulent websites to trick users into approving harmful transactions, thereby fraudulently withdrawing assets from their cryptocurrency wallets.
Scam Sniffer, a prominent Web3 anti-fraud platform, has flagged cases of wallet drainers that have stolen more than $295 million in assets from approximately 324,000 individuals over the past year.
Angel Drainer's existence reveals a troubling trend of successful theft, even though similar groups like Inferno Drainer have been shut down. Data suggests he has stolen more than $25 million from approximately 35,000 wallets in just one year of operation.
