In a recent attack, the Angel Drainer phishing group managed to siphon off approximately $400,000 from 128 crypto wallets by employing a new strategy. The group exploited Etherscan’s verification tool to conceal the malicious intent of a smart contract, as revealed by Blockaid, a renowned blockchain security company, on X, formerly known as Twitter. The attack commenced at 6:40 am on February 12, 2024.
The Angel Drainer focused on infiltrating a Safe vault contract, enticing users to unknowingly authorize a ‘Permit2’ transaction on the compromised contract, resulting in the theft of $403,000. By specifically targeting a Safe vault contract, the group aimed to deceive users into believing they were safe, a common tactic in crypto phishing schemes. Notably, Etherscan’s automatic validation of Safe contracts contributed to users’ false sense of security.
Blockaid clarified that the assault did not directly target Safe and had minimal impact on its user base. The security firm promptly alerted Safe to the attack and took active measures to mitigate any potential further harm. Wallet drainers, a category that includes groups like Angel Drainer, typically execute their fraudulent schemes by deploying malicious software on fake websites. These sites trick users into approving harmful transactions, which facilitates the unauthorized withdrawal of assets from their cryptocurrency wallets.
According to Scam Sniffer, a prominent Web3 anti-scam platform, wallet drainers have stolen over $295 million from approximately 324,000 individuals in the past year alone. Despite the closure of similar groups like Inferno Drainer, the continued presence of Angel Drainer underscores a concerning trend in the crypto space. Data suggests that Angel Drainer has pilfered over $25 million from nearly 35,000 wallets within just a year since its inception.