The post Crypto investor loses $3M in advanced phishing attack appeared on BitcoinEthereumNews.com. An unidentified crypto investor has lost over $3 million in a highly coordinated phishing attack after unknowingly authorizing a malicious contract. On Sept. 11, blockchain investigator ZachXBT first flagged the incident, revealing that the victim’s wallet was drained of $3.047 million in USDC. The attacker quickly swapped the stablecoins for Ethereum and funneled the proceeds into Tornado Cash, a privacy protocol often used to obscure the flow of stolen funds. How the exploit occurred SlowMist founder Yu Xian explained that the compromised address was a 2-of-4 Safe multi-signature wallet. He explained that the breach originated from two consecutive transactions in which the victim approved transfers to an address that mimicked their intended recipient. The attacker crafted the fraudulent contract so that its first and last characters mirrored the legitimate one, making it difficult to detect. Xian added that the exploit took advantage of the Safe Multi Send mechanism, disguising the abnormal approval inside what appeared to be a routine authorization. He wrote: Wall Street Doesn’t Want You to See This… Get 5 days of high-level strategies the pros use to win in crypto. Limited seats available — claim yours now. Brought to you by CryptoSlate Nice 😎 Your first lesson is on the way. Please add [email protected] to your email whitelist. “This abnormal authorization was hard to detect because it wasn’t a standard approve.” According to Scam Sniffer, the attacker had prepared the ground well in advance. They deployed a fake but Etherscan-verified contract nearly two weeks earlier, programming it with multiple “batch payment” functions to look legitimate. On the day of the exploit, the malicious approval was executed through the Request Finance app interface, giving the attacker access to the victim’s funds. In response, Request Finance acknowledged that a malicious actor had deployed a counterfeit version of its Batch… The post Crypto investor loses $3M in advanced phishing attack appeared on BitcoinEthereumNews.com. An unidentified crypto investor has lost over $3 million in a highly coordinated phishing attack after unknowingly authorizing a malicious contract. On Sept. 11, blockchain investigator ZachXBT first flagged the incident, revealing that the victim’s wallet was drained of $3.047 million in USDC. The attacker quickly swapped the stablecoins for Ethereum and funneled the proceeds into Tornado Cash, a privacy protocol often used to obscure the flow of stolen funds. How the exploit occurred SlowMist founder Yu Xian explained that the compromised address was a 2-of-4 Safe multi-signature wallet. He explained that the breach originated from two consecutive transactions in which the victim approved transfers to an address that mimicked their intended recipient. The attacker crafted the fraudulent contract so that its first and last characters mirrored the legitimate one, making it difficult to detect. Xian added that the exploit took advantage of the Safe Multi Send mechanism, disguising the abnormal approval inside what appeared to be a routine authorization. He wrote: Wall Street Doesn’t Want You to See This… Get 5 days of high-level strategies the pros use to win in crypto. Limited seats available — claim yours now. Brought to you by CryptoSlate Nice 😎 Your first lesson is on the way. Please add [email protected] to your email whitelist. “This abnormal authorization was hard to detect because it wasn’t a standard approve.” According to Scam Sniffer, the attacker had prepared the ground well in advance. They deployed a fake but Etherscan-verified contract nearly two weeks earlier, programming it with multiple “batch payment” functions to look legitimate. On the day of the exploit, the malicious approval was executed through the Request Finance app interface, giving the attacker access to the victim’s funds. In response, Request Finance acknowledged that a malicious actor had deployed a counterfeit version of its Batch…