Web3 anti-scam sleuth uncovers phishing attack that drained $4.2m using a malicious opcode

Massive Loss of aEthWETH and aEthUNI Tokens

An alarming incident on January 22 left an anonymous individual bereft of $4.2 million in aEthWETH and aEthUNI tokens. This substantial loss was the direct result of a phishing attack that cleverly exploited a malicious opcode during transaction verifications.

The Mechanism of the Phishing Attack

The attack was orchestrated through the use of a falsified ERC-20 permission signature. The victim unwittingly signed off on several transactions, which were manipulated by an opcode contract that circumvented standard security alerts. This breach resulted in the creation of new addresses for each signature prior to the execution of the transactions, thereby siphoning the victim’s funds to an unauthorized address controlled by the attacker.

Understanding Opcode Malware in Cryptocurrency

Opcode malware represents a significant threat within the cryptocurrency domain. It leverages the operation codes integral to the scripting languages of various cryptocurrency platforms. These malicious codes can perform actions such as redirecting cryptocurrency to an attacker’s wallet, allowing unauthorized spending of users’ funds, or even freezing assets contained within a smart contract.

Importance of Diligence in Transaction Signing

The crypto researcher known as @realscamsniffer emphasizes the utmost caution during the transaction signing and approval process. Users should heed warnings from Web3 wallet applications and rigorously adopt the ‘do your own research’ (DYOR) approach to safeguard against the myriad forms of phishing and scams prevalent in the crypto ecosystem.

Previous Incidents and Annual Losses to Phishing Attacks

In an unfortunate event last November, a Uniswap user lost over $700,000 due to a probable configuration error that attracted MEV bots, which prioritize profit maximization by manipulating transaction orders within a block. Furthermore, the annual report by @realscamsniffer highlights that users faced nearly $295 million in losses to phishing attacks in 2023 alone, with phishing being the preferred tactic among cybercriminals in the space.

Leave a Reply

Your email address will not be published. Required fields are marked *

en_USEnglish