Phishing Attack Costs Crypto User $4.2 Million in aEth Tokens

A crypto user has lost $4.2 million worth of aEthWETH and aEthUNI tokens after falling victim to a phishing attack that exploited a feature of ERC-20 contracts. The incident was detected by Scam Sniffer, a crypto investigation firm, on January 22.

According to Scam Sniffer, the user with the address 0x17… 3487 signed multiple ERC-20 Permit transactions, which allow users to approve token transfers without paying gas fees. However, the attacker used a malicious contract with the opcode CREATE2, which can generate new addresses for each signature and bypass security warnings. The attacker then redirected the user’s funds to their own address.
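The kind of review a wallet or signing proxy can run on a Permit request before the user signs it, as an added example (not code from Scam Sniffer or any wallet). It assumes the standard EIP-2612 Permit fields; the function name `reviewPermitRequest`, the allowlist, the one-hour threshold and every address in the sample are constructed for illustration.

```javascript
// Added example: review of an EIP-2612 Permit request before the user signs it.
// Addresses, token name, allowlist and thresholds are constructed for illustration.
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_VALIDITY_SECONDS = 3600n; // assumption: flag signatures valid > 1 hour

// typedData: the parsed EIP-712 JSON a dapp asks the wallet to sign.
// ctx.allowlist: lowercase spender addresses the user already trusts.
// ctx.spenderCodeSize: code size at the spender, looked up by the caller.
function reviewPermitRequest(typedData, ctx) {
  if (typedData.primaryType !== "Permit") return { isPermit: false, findings: [], block: false };
  const msg = typedData.message;
  const spender = String(msg.spender).toLowerCase();
  const findings = [];
  // A freshly generated address is on no blocklist, so check an allowlist instead.
  if (!ctx.allowlist.has(spender)) findings.push("spender-not-allowlisted");
  // No code at the address: an EOA, or a contract that is not deployed yet.
  if (ctx.spenderCodeSize === 0) findings.push("spender-has-no-code");
  if (BigInt(msg.value) === MAX_UINT256) findings.push("unlimited-allowance");
  if (BigInt(msg.deadline) - BigInt(ctx.nowSeconds) > MAX_VALIDITY_SECONDS) {
    findings.push("long-lived-signature");
  }
  return {
    isPermit: true,
    token: typedData.domain.verifyingContract,
    spender,
    findings,
    block: findings.includes("spender-not-allowlisted"),
  };
}

// Constructed sample request (not taken from the incident).
const SAMPLE_NOW = 1700000000;
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1,
            verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: { owner: "0x2222222222222222222222222222222222222222",
             spender: "0x3333333333333333333333333333333333333333",
             value: MAX_UINT256.toString(), nonce: "0",
             deadline: String(SAMPLE_NOW + 30 * 24 * 3600) },
};
const SAMPLE_CTX = { nowSeconds: SAMPLE_NOW, spenderCodeSize: 0,
                     allowlist: new Set(["0x4444444444444444444444444444444444444444"]) };

console.log(reviewPermitRequest(SAMPLE_REQUEST, SAMPLE_CTX));
```

The allowlist check is the one that decides `block`, because it still holds when the spender address has never been seen before.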

This is not the first time that this technique has been used to steal crypto assets. In August 2023, SlowMist, a crypto security firm, reported a similar case that resulted in $3 million worth of crypto being stolen.

Scam Sniffer warned that crypto users need to be very careful when signing transactions and should pay particular attention to the alerts from their Web3 wallets. The firm also advised users to educate themselves about the different types of phishing, including signature phishing. According to a recent report by Scam Sniffer, crypto users lost nearly $295 million to impersonation attacks in 2023, making it the most common form of scam in the crypto space.
