Crypto investor loses $3M in advanced phishing attack

By: BitcoinEthereumNews
2025/09/12 19:22

An unidentified crypto investor has lost over $3 million in a highly coordinated phishing attack after unknowingly authorizing a malicious contract.

On Sept. 11, blockchain investigator ZachXBT first flagged the incident, revealing that the victim’s wallet was drained of $3.047 million in USDC.

The attacker quickly swapped the stablecoins for Ethereum and funneled the proceeds into Tornado Cash, a privacy protocol often used to obscure the flow of stolen funds.

How the exploit occurred

SlowMist founder Yu Xian explained that the compromised address was a 2-of-4 Safe multi-signature wallet.

He explained that the breach originated from two consecutive transactions in which the victim approved transfers to an address that mimicked their intended recipient.

The attacker crafted the fraudulent contract so that its first and last characters mirrored the legitimate one, making it difficult to detect.

Xian added that the exploit took advantage of the Safe Multi Send mechanism, disguising the abnormal approval inside what appeared to be a routine authorization.

He wrote:

According to Scam Sniffer, the attacker had prepared the ground well in advance. They deployed a fake but Etherscan-verified contract nearly two weeks earlier, programming it with multiple “batch payment” functions to look legitimate.

On the day of the exploit, the malicious approval was executed through the Request Finance app interface, giving the attacker access to the victim’s funds.

In response, Request Finance acknowledged that a malicious actor had deployed a counterfeit version of its Batch Payment contract. The company noted that only one customer was affected and stressed that the vulnerability has since been patched.

Still, Scam Sniffer highlighted broader concerns about the phishing incident.

The blockchain security firm warned that similar exploits could stem from several vectors, including app vulnerabilities, malware or browser extensions modifying transactions, compromised front-ends, or DNS hijacking.

More importantly, the use of verified contracts and near-identical addresses illustrates how attackers are refining their methods to bypass user scrutiny.
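A pre-signing check for the pattern described above, an ERC-20 approval to a near-identical address tucked inside a Safe MultiSend batch, can be sketched as follows. This is an added example, not code from the article, Safe, or Request Finance; it assumes the input is the inner packed `transactions` bytes passed to MultiSend, and the trusted list, the sample addresses, and the 4-character prefix/suffix comparison are constructed for illustration.

```python
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")  # ERC-20 approve(address,uint256)
HEADER = 85  # operation(1) + to(20) + value(32) + dataLength(32)

def decode_multisend(blob):
    """Split Safe MultiSend's packed `transactions` bytes into sub-calls."""
    calls, i = [], 0
    while i < len(blob):
        if len(blob) - i < HEADER:
            raise ValueError("truncated MultiSend entry header")
        to = "0x" + blob[i + 1:i + 21].hex()
        dlen = int.from_bytes(blob[i + 53:i + HEADER], "big")
        data = blob[i + HEADER:i + HEADER + dlen]
        if len(data) != dlen:
            raise ValueError("truncated MultiSend entry data")
        calls.append({"operation": blob[i], "to": to, "data": data})
        i += HEADER + dlen
    return calls

def looks_like(addr, known, n=4):
    """True when addr differs from known but shares its first and last n hex chars."""
    a, k = addr.lower()[2:], known.lower()[2:]
    return a != k and a[:n] == k[:n] and a[-n:] == k[-n:]

def review_batch(blob, trusted):
    """Return (index, kind, token, spender, amount) for approvals to untrusted spenders."""
    trusted = {t.lower() for t in trusted}
    findings = []
    for idx, call in enumerate(decode_multisend(blob)):
        d = call["data"]
        if d[:4] != APPROVE_SELECTOR or len(d) < 68:
            continue  # not an approve() call
        spender = "0x" + d[16:36].hex()  # address is right-aligned in a 32-byte word
        if spender in trusted:
            continue
        mimic = any(looks_like(spender, t) for t in trusted)
        kind = "lookalike-spender" if mimic else "unknown-spender"
        findings.append((idx, kind, call["to"], spender, int.from_bytes(d[36:68], "big")))
    return findings

def pack_entry(to, data, op=0, value=0):
    """Build one packed MultiSend entry (used only for the sample below)."""
    return (bytes([op]) + bytes.fromhex(to[2:]) + value.to_bytes(32, "big")
            + len(data).to_bytes(32, "big") + data)

def approve_calldata(spender, amount):
    return APPROVE_SELECTOR + bytes(12) + bytes.fromhex(spender[2:]) + amount.to_bytes(32, "big")

# Constructed sample values, not taken from the incident.
TOKEN = "0x" + "11" * 20
TRUSTED = "0xabcd" + "22" * 16 + "ef01"
FAKE = "0xabcd" + "33" * 16 + "ef01"   # same first/last 4 hex chars as TRUSTED
SAMPLE = (pack_entry(TOKEN, approve_calldata(TRUSTED, 100))
          + pack_entry(TOKEN, approve_calldata(FAKE, 2**256 - 1)))
```

Running `review_batch(SAMPLE, [TRUSTED])` flags only the second sub-call, as a lookalike spender with an unlimited allowance.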


Source: https://cryptoslate.com/new-sophisticated-phishing-exploit-drains-3m-in-usdc-from-multi-sig-wallet/
