An unknown crypto investor recently fell victim to a sophisticated phishing attack, resulting in the loss of over $3 million in USDC. The incident was first brought to light by blockchain investigator ZachXBT on Sept. 11, who discovered that the victim’s wallet had been emptied of $3.047 million in stablecoins.
The attacker swiftly converted the stolen funds into Ethereum and then funneled them through Tornado Cash, a privacy protocol commonly used to obscure the origins of illicitly obtained assets.
The exploit targeted a 2-of-4 Safe multi-signature wallet, as explained by SlowMist founder Yu Xian. The breach occurred through two consecutive transactions in which the victim unknowingly authorized transfers to an address that closely mimicked the intended recipient. The fraudulent contract was designed to resemble the legitimate one, which made the scam hard to spot.
Xian detailed that the exploit leveraged the Safe Multi Send mechanism, concealing the abnormal approval within what appeared to be a routine transaction authorization. This deceptive tactic made it difficult for the victim to detect the malicious activity.
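A defensive check for the pattern described above, as an added example that is not code from Safe, Request Finance or SlowMist: it unpacks a Safe `multiSend(bytes)` batch into its inner transactions and reports every ERC-20 `approve()` whose spender is not on the signer's allowlist, marking spenders that share leading and trailing bytes with a trusted address. The function names, the two-byte look-alike heuristic and the sample batch are assumptions made for illustration.

```python
# Added example; helper names are hypothetical and sample_batch() builds constructed input.
MULTISEND = bytes.fromhex("8d80ff0a")  # selector of multiSend(bytes)
APPROVE = bytes.fromhex("095ea7b3")    # selector of ERC-20 approve(address,uint256)

def unpack_multisend(calldata: bytes):
    """Yield (operation, to, value, data) for every transaction packed in the batch."""
    if calldata[:4] != MULTISEND:
        raise ValueError("not a multiSend(bytes) call")
    body = calldata[4:]
    off = int.from_bytes(body[:32], "big")            # ABI offset of the bytes argument
    size = int.from_bytes(body[off:off + 32], "big")
    packed = body[off + 32:off + 32 + size]
    if len(packed) != size:
        raise ValueError("truncated batch")
    pos = 0
    while pos < size:
        head = packed[pos:pos + 85]                   # 1 op + 20 to + 32 value + 32 length
        if len(head) < 85:
            raise ValueError("truncated inner transaction header")
        dlen = int.from_bytes(head[53:85], "big")
        data = packed[pos + 85:pos + 85 + dlen]
        if len(data) != dlen:
            raise ValueError("truncated inner transaction data")
        yield head[0], head[1:21], int.from_bytes(head[21:53], "big"), data
        pos += 85 + dlen

def review_batch(calldata: bytes, trusted: set, n: int = 2):
    """Return a finding for each approve() whose spender is not in `trusted`."""
    findings = []
    for i, (op, to, value, data) in enumerate(unpack_multisend(calldata)):
        if data[:4] != APPROVE or len(data) < 68 or data[16:36] in trusted:
            continue
        spender, amount = data[16:36], int.from_bytes(data[36:68], "big")
        # Same first and last n bytes as a trusted address: a shortened display looks identical.
        near = any(spender[:n] == t[:n] and spender[-n:] == t[-n:] for t in trusted)
        findings.append((i, "lookalike-spender" if near else "unknown-spender",
                         "0x" + spender.hex(), amount))
    return findings

def pack(op: int, to: bytes, value: int, data: bytes) -> bytes:
    return bytes([op]) + to + value.to_bytes(32, "big") + len(data).to_bytes(32, "big") + data

def sample_batch(token: bytes, payee: bytes, spender: bytes) -> bytes:
    """Constructed input: one ordinary transfer() plus one approve() in the same batch."""
    transfer = bytes.fromhex("a9059cbb") + payee.rjust(32, b"\0") + (10**6).to_bytes(32, "big")
    approve = APPROVE + spender.rjust(32, b"\0") + (2**256 - 1).to_bytes(32, "big")
    packed = pack(0, token, 0, transfer) + pack(0, token, 0, approve)
    padded = packed + b"\0" * (-len(packed) % 32)
    return MULTISEND + (32).to_bytes(32, "big") + len(packed).to_bytes(32, "big") + padded
```

Run over the raw calldata before signing, the check surfaces an approval that a batch summary would otherwise show as one routine payment.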
The attacker had meticulously planned the attack in advance, setting up a fake contract on Etherscan nearly two weeks before the incident. The counterfeit contract included multiple “batch payment” functions to give it an air of legitimacy. On the day of the exploit, the attacker executed the malicious approval through the Request Finance app interface, granting access to the victim’s funds.
Following the incident, Request Finance acknowledged the breach and confirmed that the vulnerability had been patched to prevent future attacks. However, Scam Sniffer highlighted the broader risks associated with phishing attacks, cautioning that similar exploits could arise from various sources such as app vulnerabilities, malware, compromised front-ends, or DNS hijacking.
The use of verified contracts and near-identical addresses demonstrates how attackers are continuously refining their tactics to evade detection and bypass user scrutiny. This incident serves as a stark reminder of the importance of maintaining vigilance and implementing robust security measures when engaging in cryptocurrency transactions.

