The notorious hacking group known as Angel Drainer has allegedly stolen more than $400,000 from 128 cryptocurrency wallets using a new attack method. This attack exploited Etherscan’s verification tool to disguise a malicious smart contract. The attack began at 6:40 am on February 12 when Angel Drainer deployed a malicious vault contract called Safe. This information was revealed in a post from blockchain security firm Blockaid on February 13.
The scammers targeted 128 wallets and initiated a “Permit2” transaction on the Safe vault contract, resulting in the theft of $403,000. Blockaid explained that the use of the Safe vault contract was intended to create a false sense of security, because Etherscan automatically adds a verification flag to the contract to confirm its legitimacy. Blockaid emphasized that this incident was not a direct attack on Safe itself and that its user base was not greatly affected. The security firm has notified Safe about the attack and is working to minimize further damage.
In a post on February 5, Blockaid revealed that Angel Drainer, which has only been operating for a year, has managed to drain more than $25 million from nearly 35,000 wallets. The hacking group has been responsible for notable attacks such as the $484,000 Ledger Connect Kit hack and the EigenLayer restake farming attack.
The restake farming attack involved Angel Drainer implementing a malicious function called queueWithdrawal. Once users signed a transaction calling this function, their staking rewards were withdrawn to an address chosen by the attackers.
In January, approximately 40,000 users on platforms like OpenSea, Optimism, zkSync, Manta Network, and SatoshiVM fell victim to phishing attacks, resulting in a combined loss of $55 million. This data comes from Scam Sniffer, a Web3 scam tracker. According to Scam Sniffer’s 2023 Wallet Drainers Report, this figure is on track to surpass the total losses of $295 million in 2023.
Overall, Angel Drainer has become a significant threat in the cryptocurrency space, causing substantial financial losses for individuals and organizations. Enhanced security measures against phishing attacks and malicious smart contracts are evidently needed to safeguard the integrity of the crypto ecosystem.