Investor loses R$20 million in cryptocurrencies due to phishing attack

“Insane!” is how the team at security company Scam Sniffer described a phishing attack that took place last Sunday (21). According to a report, hackers used sophisticated methods to empty the victim’s wallet.

The attack took place on the Ethereum network, where the investor had millions in aEthWETH and aEthUNI, a way to use ETH within the Aave platform. “The victim has signed multiple ERC20 consent signatures and these token issuers are a temporary address precomputed by CREATE2,” said Scam Sniffer.

This scam has been in circulation since 2023. Scam Sniffer recently highlighted that the CREATE2 opcode “allows you to predict the address of a contract before it is deployed to the Ethereum network”. In other words, the hacker can generate a new temporary address for each malicious signature, which is a problem because wallets cannot detect the attack.

“As for the motivation behind this, we suspect it is to bypass some wallet security controls. A new address means that there is no meaningful information in the chain to estimate the risk of the address.”

New technology used by hackers is undetectable by wallets. Source: Scam Sniffer.

In addition to the case that took place last Sunday (21), the company had already discovered a theft of R$4.5 million in an attack involving GMX tokens in November. The total number is even higher, exceeding the value of R$300 million in recent months.

Company provides security tips to protect yourself

According to Scam Sniffer, these phishing attempts generally start in five places: Twitter, Discord, airdrops, malicious ads, and compromised front ends.

In the case of Twitter, the vector could be a hijacked account, as happened with the SEC, or simple spam. That’s why it’s important not to click on everything you see, even if it comes from a trustworthy profile. The same thing happens on Discord, where people’s accounts and bots serve as tools for hackers.

Since the community is excited about airdrops in 2024, these can also be used by hackers to launch the attack. This applies to both tokens and NFTs.

Security firm highlights the main channels hackers use to carry out their phishing attacks. Source: Scam Sniffer.

For those more familiar with smart contracts, Scam Sniffer also lists a series of functions that deserve attention. Perhaps the most famous is setApprovalForAll, which has already caused losses in the millions, but others carry the same risks.

Finally, the company estimates that around 100,000 investors have already fallen for such scams. The amount lost reached US$60.7 million ($298 million) in November last year, while in this week’s case it exceeded US$300 million.

Total losses due to CREATE2, an attack affecting several cryptocurrencies. Source: Scam Sniffer.

Source: Live Coins
