128 Crypto Wallets Drained by Angel Drainer Phishing Group
Web3 security firm Blockaid recently reported another significant security breach that Angel Drainer carried out. The notorious phishing group is said to have drained 128 crypto wallets of their funds.
How These Wallets Were Drained
Blockaid revealed in an X (formerly Twitter) post that Angel Drainer phished users and led them to a single Safe Vault contract, through which the group drained these wallets of over $403,000. The incident began on February 12th, when the phishing group deployed a Safe Vault contract to lure these users.
Unaware of the scam, these users signed a “Permit2 with this Safe Vault as the operator.” That signature gave the hackers unlimited approval to move funds across different smart contracts. Blockaid clarified that this wasn’t an attack on Safe and that Safe's users were not broadly impacted.
Angel Drainer chose the Safe Vault contract because Etherscan’s verification flag can provide a false sense of security: the flag has nothing to do with validating whether or not the contract is malicious. Blockaid has informed the Safe team and is working with customers and partners to limit the attack’s impact. Safe has not issued any statement about this incident.
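As an added illustration (not code from Blockaid, Safe, or this article's sources), the sketch below shows how a wallet or signing proxy could review a Permit2 allowance request before the user signs it, flagging an operator the user has not chosen to trust, an unlimited amount, and a long expiration. It also covers batch permits; the one-day expiry policy, the allowlist, and every address in the sample request are assumptions or constructed placeholders.

```javascript
// Added example: pre-sign review of a Permit2 allowance request (all sample data is constructed).
const PERMIT2 = "0x000000000022d473030f116ddee9f6b43ac78ba3"; // canonical Permit2 address
const MAX_UINT160 = (1n << 160n) - 1n; // Permit2 allowance amounts are uint160
const MAX_TTL_SECONDS = 24 * 60 * 60;  // assumed policy: allowances should expire within a day

// typedData: the EIP-712 object a dapp passes to eth_signTypedData_v4.
// trustedSpenders: Set of lowercase addresses the user has chosen to trust.
function reviewPermit2Request(typedData, trustedSpenders, nowSeconds) {
  const domain = typedData.domain || {};
  const isPermit2 = domain.name === "Permit2" &&
    String(domain.verifyingContract).toLowerCase() === PERMIT2;
  const isAllowance = ["PermitSingle", "PermitBatch"].includes(typedData.primaryType);
  if (!isPermit2 || !isAllowance) return { applies: false, findings: [] };

  const msg = typedData.message;
  const findings = [];
  const spender = String(msg.spender).toLowerCase();
  // Explorer "verified source" status is deliberately not consulted: it is not a trust signal.
  if (!trustedSpenders.has(spender)) findings.push(`untrusted-spender:${spender}`);

  // PermitSingle carries one details object, PermitBatch an array of them.
  const details = Array.isArray(msg.details) ? msg.details : [msg.details];
  for (const d of details) {
    const token = String(d.token).toLowerCase();
    if (BigInt(d.amount) === MAX_UINT160) findings.push(`unlimited-amount:${token}`);
    if (Number(d.expiration) - nowSeconds > MAX_TTL_SECONDS) findings.push(`long-expiration:${token}`);
  }
  return { applies: true, findings };
}

// Constructed request resembling the one described: unknown contract as operator, maximum amount.
const NOW = 1707696000; // 2024-02-12T00:00:00Z
const sampleRequest = {
  primaryType: "PermitSingle",
  domain: { name: "Permit2", chainId: 1, verifyingContract: "0x000000000022D473030F116dDEE9F6B43aC78BA3" },
  message: {
    details: { token: "0x" + "22".repeat(20), amount: MAX_UINT160.toString(),
               expiration: String(NOW + 30 * 24 * 60 * 60), nonce: "0" },
    spender: "0x" + "11".repeat(20), // placeholder, not the address used in the incident
    sigDeadline: String(NOW + 1800),
  },
};
console.log(reviewPermit2Request(sampleRequest, new Set(), NOW).findings);
```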
The Infamous Angel Drainer Group
Blockaid recently highlighted how the Angel Drainer Group celebrated one year in operation, during which they drained over $25 million from nearly 35,000 wallets. They were also responsible for the Ledger supply chain attack, which resulted in over $480,000 being drained from various wallets.
Recently, the group carried out a ‘Restake Farming attack’ using a novel form of approval farming through the ‘queueWithdrawal’ mechanism on the EigenLayer protocol. By signing the ‘queueWithdrawal’ transaction, the attacker could withdraw the wallet’s staking rewards to any address they chose.
Security breaches in the crypto space remain a deterrent to crypto adoption.