A crypto user lost $7.8 million in SolvBTC, a wrapped Bitcoin product by Solv Protocol, in a phishing attack.
Blockchain security firm Scam Sniffer brought attention to the incident on Dec. 11, highlighting the increasing complexity of such fraudulent activities.
Unfolding of the Attack
The victim signed a phishing transaction, unknowingly enabling a direct transfer of assets to an address that had been precomputed using Ethereum’s CREATE2 opcode.
With CREATE2, attackers can compute a contract’s address before the contract is deployed. By generating a temporary address for each deceitful signature, they evade wallet security alerts. Once the victim signs the transaction, the attacker deploys a contract at the specified address to empty the wallet.
While CREATE2 is commonly employed in legitimate platforms like Uniswap for deploying Pair contracts, it is now also abused in wallet-draining schemes.
Escalating Scams
Scam Sniffer also issued a caution regarding the increasing prevalence of crypto scams on the social media platform X.
In early December, the daily count of fake crypto accounts surpassed 300, up from 160 in November. Numerous accounts impersonate influencers to entice victims into fraudulent Telegram groups.
Once users join these groups, they are prompted to verify their identities through a bot named OfficialSafeguardBot, which creates a false sense of urgency to expedite the process.
During verification, the bot discreetly inserts malicious PowerShell code into the victim’s clipboard. If executed, the code downloads malware aimed at compromising the user’s system and crypto wallets.
The malware, identified by VirusTotal, has resulted in multiple instances of private key theft. This signifies a new phase in crypto scams, blending phishing tactics with sophisticated social engineering and malware deployment.