Blockaid warns of Angel Drainer’s new attack vector aimed at restaking platforms


Phishing Group Exploits Restaking Platforms with New Attack Vector

Analysts at Blockaid have raised an alarm about a phishing group called Angel Drainer, which has started using a new attack vector to target restaking platforms. According to Blockaid, the group is carrying out an approval farming attack through the “queueWithdrawal” function of the EigenLayer platform. This allows the attacker to withdraw staking rewards to their own address. The unique nature of this approval method makes it difficult for security providers to detect and validate. The attacker also utilizes the “CREATE2” mechanism to approve withdrawals to an empty address, further evading detection. Blockaid has notified EigenLayer about the ongoing attack, and EigenLayer has urged its users to remain vigilant against phishing attacks.

Restaking Rewards and Ethereum Stakers

EigenLayer’s restaking rewards provide Ethereum (ETH) stakers with additional tokens that can be restaked in other decentralized applications. This allows stakers to participate in governance protocols while preserving their options. However, Angel Drainer’s attack exploits the approval process within EigenLayer to redirect staking rewards to the attacker’s address.

Blockaid Discovers New Attack Vector

Blockaid’s analysts have discovered that Angel Drainer is using a new attack vector targeting restaking platforms. The group is performing an approval farming attack through the “queueWithdrawal” function of the EigenLayer platform. This allows them to withdraw staking rewards to their own address. Blockaid has shared affected wallet addresses and is implementing a fix to protect users.

Unique Approval Method Evades Detection

The approval method used by Angel Drainer in this attack is different from regular ERC20 approvals, making it challenging for security providers and internal tools to detect and validate. The attacker also employs the “CREATE2” mechanism to approve withdrawals to an empty address, further avoiding detection. Blockaid has notified EigenLayer about the ongoing attack, and EigenLayer has warned its users to be cautious of phishing attacks.
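A wallet-side check for the pattern described above, as an added example that is not code from Blockaid, EigenLayer or the original article: it shows an ERC-20-only approval rule missing a queueWithdrawal call, and a rule that flags a withdrawer other than the signer and treats an empty withdrawer address as a risk signal rather than a clean one. The decoded-call layout, the `withdrawer` argument name, the finding labels and all addresses are assumptions constructed for illustration.

```python
"""Pre-signing check for withdrawal approvals (constructed example)."""

ERC20_APPROVAL_FUNCS = {"approve", "increaseAllowance", "permit"}

def erc20_only_check(call):
    """Legacy rule: only ERC-20 style approvals to a third party are flagged."""
    spender = call["args"].get("spender", "").lower()
    return call["function"] in ERC20_APPROVAL_FUNCS and spender != call["signer"].lower()

def restaking_check(call, account_state):
    """Return findings for a queueWithdrawal call; an empty list means no flag."""
    if call["function"] != "queueWithdrawal":
        return []
    withdrawer = call["args"]["withdrawer"].lower()  # argument name is an assumption
    if withdrawer == call["signer"].lower():
        return []  # the signer keeps control of the withdrawal
    findings = ["withdrawer-is-not-signer"]
    state = account_state.get(withdrawer, {"code_size": 0, "nonce": 0})
    if state["code_size"] == 0 and state["nonce"] == 0:
        # No code and no history is not evidence of safety: a contract can be
        # deployed to a precomputed address later (CREATE2), so this raises
        # the score instead of lowering it.
        findings.append("withdrawer-is-empty-address")
    return findings

# Constructed sample data; addresses are placeholders, not real indicators.
USER = "0x" + "aa" * 20
EMPTY = "0x" + "bb" * 20
ACCOUNT_STATE = {USER: {"code_size": 0, "nonce": 42}}  # EMPTY is unknown on chain
CALLS = [
    {"signer": USER, "function": "queueWithdrawal", "args": {"withdrawer": USER}},
    {"signer": USER, "function": "queueWithdrawal", "args": {"withdrawer": EMPTY}},
    {"signer": USER, "function": "approve", "args": {"spender": EMPTY}},
]

def scan(calls, account_state):
    """Run both rules over each call: (function, erc20 flag, restaking findings)."""
    return [(c["function"], erc20_only_check(c), restaking_check(c, account_state))
            for c in calls]

if __name__ == "__main__":
    for row in scan(CALLS, ACCOUNT_STATE):
        print(row)
```

The second sample call is the one that matters: the ERC-20 rule returns no flag for it, while the restaking rule reports both findings.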

Hot Take: Restaking Platforms Vulnerable to Approval Farming Attacks

Restaking platforms are facing a new threat from phishing group Angel Drainer, which is exploiting a unique approval farming attack vector. By targeting the “queueWithdrawal” function of the EigenLayer platform, the attacker can withdraw staking rewards to their own address. This method evades detection due to its distinctive nature and the use of the “CREATE2” mechanism. Security providers and internal tools struggle to parse and validate this type of approval. Users of restaking platforms should remain vigilant against phishing attacks and take necessary precautions to protect their assets.

Author: Noah Rypton