New ‘sophisticated’ phishing exploit drains $3M in USDC from multi-sig wallet
An unidentified crypto investor has lost over $3 million in a highly coordinated phishing attack after unknowingly authorizing a malicious contract.
On Sept. 11, blockchain investigator ZachXBT first flagged the incident, revealing that the victim’s wallet was drained of $3.047 million in USDC.
The attacker quickly swapped the stablecoins for Ethereum and funneled the proceeds into Tornado Cash, a privacy protocol often used to obscure the flow of stolen funds.
How the exploit occurred
SlowMist founder Yu Xian explained that the compromised address was a 2-of-4 Safe multi-signature wallet.
He explained that the breach originated from two consecutive transactions in which the victim approved transfers to an address that mimicked their intended recipient.
The attacker crafted the fraudulent contract so that the first and last characters of its address mirrored those of the legitimate one, making it difficult to detect.
Xian added that the exploit took advantage of the Safe Multi Send mechanism, disguising the irregular approval inside what appeared to be a routine authorization.
He wrote:
“This irregular authorization was hard to detect because it wasn’t an ordinary approve.”
According to Scam Sniffer, the attacker had prepared the ground well in advance. They deployed a fake but Etherscan-verified contract nearly two weeks earlier, programming it with multiple “batch payment” functions to appear legitimate.
On the day of the exploit, the malicious approval was executed through the Request Finance app interface, giving the attacker access to the victim’s funds.
In response, Request Finance acknowledged that a malicious actor had deployed a counterfeit version of its Batch Payment contract. The firm noted that only one customer was affected and stressed that the vulnerability has since been patched.
Still, Scam Sniffer highlighted broader concerns about the phishing incident.
The blockchain security firm warned that similar exploits could stem from multiple vectors, including app vulnerabilities, malware or browser extensions modifying transactions, compromised front-ends, or DNS hijacking.
More importantly, the use of verified contracts and near-identical addresses illustrates how attackers are refining their methods to bypass user scrutiny.
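As an added example (not code from the article, Safe, Request Finance or the firms quoted), a pre-signing check can split a Safe MultiSend payload into its inner calls and compare every target against an address book by full address, flagging targets that only share the first and last characters. The packed layout is the MultiSend contract's; the address book, the sample addresses and all function names are assumptions.

```python
from dataclasses import dataclass

@dataclass
class InnerTx:
    operation: int  # 0 = CALL, 1 = DELEGATECALL
    to: str         # lowercase 0x-prefixed hex address
    value: int
    data: bytes

def parse_multisend(packed: bytes) -> list[InnerTx]:
    """Split Safe MultiSend packed bytes: op(1) | to(20) | value(32) | len(32) | data."""
    txs, i = [], 0
    while i < len(packed):
        if len(packed) - i < 85:
            raise ValueError("truncated inner transaction header")
        to = "0x" + packed[i + 1:i + 21].hex()
        value = int.from_bytes(packed[i + 21:i + 53], "big")
        dlen = int.from_bytes(packed[i + 53:i + 85], "big")
        if dlen > len(packed) - (i + 85):
            raise ValueError("inner data length exceeds payload")
        txs.append(InnerTx(packed[i], to, value, packed[i + 85:i + 85 + dlen]))
        i += 85 + dlen
    return txs

def classify(addr: str, trusted: set[str], n: int = 4) -> str:
    """'trusted' only on a full match; 'lookalike' if just the first/last n hex chars match."""
    a = addr.lower()
    if a in trusted:
        return "trusted"
    if any(a[2:2 + n] == t[2:2 + n] and a[-n:] == t[-n:] for t in trusted):
        return "lookalike"
    return "unknown"

def review(packed: bytes, trusted: set[str]) -> list[tuple[str, str]]:
    """Return (target, verdict) for every call batched inside the payload."""
    trusted = {t.lower() for t in trusted}
    return [(tx.to, classify(tx.to, trusted)) for tx in parse_multisend(packed)]

def pack(op: int, to: str, value: int, data: bytes) -> bytes:
    """Build constructed sample input in the same packed layout."""
    return (bytes([op]) + bytes.fromhex(to[2:]) + value.to_bytes(32, "big")
            + len(data).to_bytes(32, "big") + data)

# Constructed sample addresses (not from the incident); all names are hypothetical.
GOOD = "0x3f39" + "11" * 16 + "a0b1"
FAKE = "0x3f39" + "22" * 16 + "a0b1"  # same first/last 4 hex chars, different middle
SAMPLE = pack(0, GOOD, 0, b"\x01\x02") + pack(0, FAKE, 0, b"\xaa" * 36)
```

Calling `review(SAMPLE, {GOOD})` reports the second inner call as a lookalike, which a wallet front-end or signer checklist can treat as a hard stop before approval.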
The post New ‘sophisticated’ phishing exploit drains $3M in USDC from multi-sig wallet appeared first on CryptoSlate.
