New Crypto Scam Attacks Wallets Without User Approval
Scammers operating in the cryptocurrency sector continue to come up with new ways to steal money from investors. The latest in this sector is a type of token siphon protocol that allows fraudsters to steal contents from a targeted wallet without needing transaction approval.
The scammers have found a way to exploit ERC-2612 tokens that have a gas-less transfer option. This option allows hackers to drain a wallet using only the digital signature of its owner.
Only ERC-2612 Tokens Show Vulnerability to Such Scams
This latest scam technique has been making the rounds on Telegram and helps attackers drain a wallet account with relative ease. However, the good news is that this technique only works on ERC-2612 tokens that have a gas-free transfer option and wallets that do not have any ETH reserves. This method does not need transaction approval and works by tricking the victims into signing a message.
The concerning part is that various new tokens are incorporating the ERC-2612 standard. Therefore, there is a chance that this type of scam attack can gain more popularity.
Cointelegraph contacted users who reported losing $600 of Open Exchange (OX) tokens. The affected party had visited a suspicious Telegram group that belonged to the OX developer, namely OPNX. Further investigation revealed that this was a phishing scam.
Permit Function of ERC-2612 Standard
OpenZeppelin, a Web 3.0 developer and analyst, recently noted that the permit function is part of the ERC-2612 standard and has also been added as a new feature in various smart contracts. This function enables transactions from wallets that do not hold ETH.
However, scammers can exploit the permit function to change the ERC-20 allowance by initiating a message signed by the account. Since this protocol does not use ERC-20, it does not require sending a transaction or holding ETH at all.
With the passage of time, this feature is going to allow wallet developers to generate user-friendly wallets that only contain stablecoins. Meanwhile, a Cointelegraph investigation indicates that scammers can use the same feature to trick account holders into giving away their holdings. The report warned investors that they could lose funds without having to grant a transaction approval.
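The check below is an added example, not code from the article or from any wallet it mentions: it inspects an EIP-712 signing request and reports when the message is an ERC-2612 permit, so the allowance being granted is visible before anything is signed. The field names follow the Permit struct defined in ERC-2612; the function name, the allowlist, the 24-hour threshold and the sample request are assumptions made for illustration.

```javascript
// Added example: inspect an EIP-712 signing request for an ERC-2612 permit.
// Thresholds, the allowlist and SAMPLE_REQUEST are assumptions of this sketch.
const MAX_UINT256 = (1n << 256n) - 1n;
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];
const ONE_DAY = 86400n;

function toBigInt(v) {
  try { return BigInt(v); } catch { return null; }
}

function inspectSigningRequest(typedData, opts = {}) {
  const data = typeof typedData === "string" ? JSON.parse(typedData) : typedData;
  const trusted = (opts.trustedSpenders || []).map((a) => a.toLowerCase());
  const now = opts.now ?? BigInt(Math.floor(Date.now() / 1000));
  const fields = ((data.types || {})[data.primaryType] || []).map((f) => f.name);
  // Match the struct shape too, so a renamed primaryType is still recognised.
  const isPermit = data.primaryType === "Permit" ||
    PERMIT_FIELDS.every((name) => fields.includes(name));
  if (!isPermit) return { isPermit: false, warnings: [] };

  const msg = data.message || {};
  const spender = String(msg.spender || "").toLowerCase();
  const value = toBigInt(msg.value);
  const deadline = toBigInt(msg.deadline);
  const warnings = ["signature sets a token allowance; no transaction or ETH is needed"];
  if (!trusted.includes(spender)) warnings.push(`spender ${spender} is not allowlisted`);
  if (value === null || deadline === null) warnings.push("value or deadline is malformed");
  if (value === MAX_UINT256) warnings.push("allowance is unlimited (2^256 - 1)");
  if (deadline !== null && deadline - now > ONE_DAY) warnings.push("deadline is more than 24 hours away");
  return { isPermit: true, token: data.domain?.verifyingContract, spender, value, deadline, warnings };
}

// Constructed sample request, not taken from a real incident.
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  types: { Permit: PERMIT_FIELDS.map((name) => ({ name, type: name === "owner" || name === "spender" ? "address" : "uint256" })) },
  domain: { name: "ExampleToken", version: "1", chainId: 1, verifyingContract: "0x00000000000000000000000000000000000000aa" },
  message: {
    owner: "0x0000000000000000000000000000000000000001",
    spender: "0x00000000000000000000000000000000000000bb",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "4102444800", // 2100-01-01 UTC
  },
};

console.log(inspectSigningRequest(SAMPLE_REQUEST, { now: 1700000000n }));
```

A request that is not a permit returns `isPermit: false` with no warnings, so the same function can sit in front of every typed-data signature prompt.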
Bleeping Computer, a major cybersecurity analytics and reporting firm, reported that drainers have started to hack into social media accounts. In a report published on 10th January, 2024, the firm noted that CLINKSINK, a drainer-as-a-service (DaaS), was used to hack into the official X account of cybersecurity firm Mandiant.
The Google subsidiary reported that scammers used the account to redirect around 123K followers of the account to a phishing page as a way to steal their crypto credentials.
X Account Hacking
The firm took prompt action against the incident, noting that the scammers were able to siphon a minimum of $900,000. The firm conducted an in-depth audit of the matter and identified a syndicate consisting of 35 affiliate IDs, all associated with the DaaS called CLINKSINK. As per Mandiant, the operators of this DaaS provided drainer scripts in exchange for a percentage of stolen cryptocurrencies.
This affiliate offered drainer scripts to hackers to help them steal cryptocurrencies from investors and get a 20$ share of the exploits. Hackers using these drainer scripts have been breaking into X and Discord accounts and sharing crypto-themed phishing pages impersonating legitimate projects such as Phantom and DappRadar. Hackers have continued to breach X accounts of firms such as Netgear and Hyundai MEA X.
After hacking these accounts, scammers promote fake cryptocurrencies or post spiked links that lead to malware and phishing pages. CertiK’s X account was also hacked, and the SEC’s official account was also compromised.
The Bleeping Computer report indicates that X users are also bombarded with a storm of malicious crypto adverts that expose them to suspicious airdrops, scams, and crypto and NFT draining sites. ScamSniffer projection noticed that MS Drainer was linked to $59 million in stolen cryptocurrencies from 63K X users between March and November.