Crypto

Web3 anti-scam sleuth uncovers phishing attack that drained $4.2m using a malicious opcode

Odin AI

Massive Loss of aEthWETH and aEthUNI Tokens

An alarming incident on January 22 left an anonymous individual bereft of $4.2 million in aEthWETH and aEthUNI tokens. This substantial loss was the direct result of a phishing attack that cleverly exploited a malicious opcode during transaction verifications.

The Mechanism of the Phishing Attack

The attack was orchestrated through the use of a falsified ERC-20 permission signature. The victim unwittingly signed off on several transactions, which were manipulated by an opcode contract that circumvented standard security alerts. This breach resulted in the creation of new addresses for each signature prior to the execution of the transactions, thereby siphoning the victim’s funds to an unauthorized address controlled by the attacker.

Understanding Opcode Malware in Cryptocurrency

Opcode malware represents a significant threat within the cryptocurrency domain. It leverages the operation codes integral to the scripting languages of various cryptocurrency platforms. These malicious codes can perform actions such as redirecting cryptocurrency to an attacker’s wallet, allowing unauthorized spending of users’ funds, or even freezing assets contained within a smart contract.

Importance of Diligence in Transaction Signing

The crypto researcher known as @realscamsniffer emphasizes the utmost caution during the transaction signing and approval process. Users should heed warnings from Web3 wallet applications and rigorously adopt the ‘do your own research’ (DYOR) approach to safeguard against the myriad forms of phishing and scams prevalent in the crypto ecosystem.

Previous Incidents and Annual Losses to Phishing Attacks

In an unfortunate event last November, a Uniswap user lost over $700,000 due to a probable configuration error that attracted MEV bots, which prioritize profit maximization by manipulating transaction orders within a block. Furthermore, the annual report by @realscamsniffer highlights that users faced nearly $295 million in losses to phishing attacks in 2023 alone, with phishing being the preferred tactic among cybercriminals in the space.

Related Posts

Socket Recovers 1,032 ETH After Bridge Protocol Exploit

Socket, a blockchain protocol, successfully recovers 1,032 Ethereum (ETH) after an exploit. The recovery amounts to approximately 2.3 million ETH at current rates. The exploit was addressed by the Socket team in a post on January 23.

Coinbase’s Paul Grewal criticizes U.S. GAO’s report on crypto and sanctions evasion

Paul Grewal, Chief Legal Officer of Coinbase, has strongly criticized the recent crypto report from the U.S. Government Accountability Office (GAO), calling it ‘shoddy work’ and accusing it of sensationalizing crypto’s role in sanctions evasion. Grewal’s comments highlight his disagreement with the report’s findings and emphasize the need for accurate and informed analysis of the crypto industry.

Leave a Reply

Your email address will not be published. Required fields are marked *
en_USEnglish
en_USEnglish