Web3 anti-scam sleuth uncovers phishing attack that drained $4.2m using a malicious opcode
An unknown user lost $4.2 million worth of aEthWETH and aEthUNI tokens on Jan. 22. According to an X crypto researcher under the handle @realscamsniffer, an unidentified person has lost aEthWETH and aEthUNI amounting to $4.2 million after verifying transactions with a falsified ERC-20 permission signature. insane! someone lost $4.20m worth of aEthWETH and aEthUNI to crypto phishing about 40 minutes ago!https://t.co/PqtYbfjrW5 pic.twitter.com/2Nhx4HDQcK — Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 22, 2024 The victim signed approvals for several transactions with an ERC-20 authorization that used an opcode contract to bypass security warnings that created new addresses for each signature before the transaction had been executed, which redirected victims’ funds from the victim to the new unauthorized address. Opcode malware in the context of cryptocurrency hacks refers to malicious software that exploits the operation codes used in the scripting languages of v...