Angel Drainer’s Phishing Scheme
Blockaid, a Web3 security firm, recently reported a major security breach involving the notorious phishing group Angel Drainer. The group targeted 128 crypto wallets and successfully drained them of their funds, amounting to over $403,000.
The attack began on February 12th at 6:41 am when Angel Drainer deployed a Safe Vault contract to lure users. Unaware of the scam, these users signed a “Permit2” with the Safe Vault as the operator. Signing it granted the hackers unlimited approval to move the users’ funds across different smart contracts.
Blockaid emphasized that this attack was not specifically targeting Safe, and its users were not broadly impacted. Angel Drainer used the Safe Vault contract because a verification flag is automatically added to Safe contracts. However, this verification flag can provide a false sense of security, as it does not validate whether the contract is malicious.
Blockaid has notified the Safe team and is working with customers and partners to mitigate the attack’s impact. Safe has yet to issue a statement regarding this incident.
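Because a verification flag says nothing about what a signature authorizes, the signing request itself is the thing to inspect. The following is an added example, not code from Blockaid, Safe or the original article: a wallet-side check that flags Permit2 typed-data requests naming an unknown spender or asking for an unlimited or long-lived allowance. It assumes the request uses Permit2's PermitSingle or PermitBatch message (the article does not say which form was used) and that the article's "operator" is the message's spender; the function name, allowlist, one-year threshold and all sample values are hypothetical.

```javascript
// Added example (not Blockaid's or Safe's code): flag risky Permit2 signing requests.
const MAX_UINT160 = (1n << 160n) - 1n; // largest amount a uint160 allowance can hold
const ONE_YEAR = 365n * 24n * 3600n;   // assumed threshold for "long-lived"

// Returns warning strings for an EIP-712 request; an empty array means nothing flagged.
function reviewPermit2Request(typedData, trustedSpenders, nowSeconds) {
  const { domain = {}, primaryType, message = {} } = typedData;
  if (domain.name !== "Permit2") return []; // not a Permit2 request
  if (primaryType !== "PermitSingle" && primaryType !== "PermitBatch") {
    return [`unhandled Permit2 type ${primaryType}: review manually`];
  }
  const warnings = [];
  const spender = String(message.spender || "").toLowerCase();
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  if (!trusted.has(spender)) warnings.push(`spender ${spender} is not on the allowlist`);
  // PermitSingle carries one details object, PermitBatch an array; concat handles both.
  for (const d of [].concat(message.details || [])) {
    if (BigInt(d.amount) === MAX_UINT160) {
      warnings.push(`unlimited allowance requested for token ${d.token}`);
    }
    if (BigInt(d.expiration) - BigInt(nowSeconds) > ONE_YEAR) {
      warnings.push(`allowance for token ${d.token} stays valid for over a year`);
    }
  }
  return warnings;
}

// Constructed sample request; every address and number below is a placeholder.
const NOW = 1700000000;
const sampleRequest = {
  domain: { name: "Permit2", chainId: 1 },
  primaryType: "PermitSingle",
  message: {
    details: {
      token: "0x" + "aa".repeat(20),
      amount: MAX_UINT160.toString(),
      expiration: String(NOW + 10 * 365 * 24 * 3600),
      nonce: "0",
    },
    spender: "0x" + "bb".repeat(20), // stands in for the lure contract
    sigDeadline: String(NOW + 1800),
  },
};
console.log(reviewPermit2Request(sampleRequest, ["0x" + "cc".repeat(20)], NOW));
```

A check like this belongs in front of the signing prompt, where a warning can still stop the signature.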
Angel Drainer’s History of Attacks
Angel Drainer has been active for over a year and has drained over $25 million from nearly 35,000 wallets. They were responsible for the Ledger supply chain attack, which resulted in the loss of over $480,000 from various wallets.
Recently, the group executed a ‘Restake Farming attack’ by introducing a novel form of approval farming through the ‘queueWithdrawal’ mechanism on the EigenLayer protocol. This attack allowed the group to withdraw staking rewards from a user’s wallet to any address they chose.
Security Breaches in the Crypto Space
Security breaches in the crypto space continue to deter widespread adoption. These attacks highlight the need for improved security measures and increased awareness among crypto users to protect their funds.