Angel Drainer Phishing Group Steals $400,000 from Crypto Wallets
An analysis reveals that the Angel Drainer phishing group managed to steal over $400,000 from 128 crypto wallets using a new strategy. The group exploited Etherscan’s verification tool to hide the malicious nature of a smart contract.
Attack Timeline and Details
The attack initiated at 6:40 am on February 12, 2024, according to Blockaid, a popular blockchain security company.
Subscribe to our Social Media for Exclusive Crypto News and Insights 24/7!
Angel Drainer Targets Safe Vault Contract
Angel Drainer deployed a malicious Safe vault contract, tricking users into authorizing a ‘Permit2′ transaction on the compromised contract and resulting in the theft of $403,000. By targeting a Safe vault contract, Angel Drainer capitalized on users’ trust in Etherscan’s automatic validation process for Safe contracts.
Minimal Impact on Safe Users
Blockaid emphasized that the attack was not directly aimed at Safe and had minimal impact on its user base. The security firm promptly informed Safe about the attack and actively worked to mitigate further damage.
Rise of Wallet Drainers
Wallet drainers are notorious for installing malicious software on fraudulent websites to deceive users into approving harmful transactions. In the past year alone, these scammers have stolen over $295 million from around 324,000 individuals.
Angel Drainer’s Troubling Trend
Despite previous crackdowns on groups like Inferno Drainer, Angel Drainer’s activities highlight an alarming trend. Since its inception, Angel Drainer has stolen more than $25 million from nearly 35,000 wallets within just one year.
