An undisclosed individual recently experienced a substantial loss of $4.2 million in a crypto phishing attack involving aEthWETH and aEthUNI. The victim fell prey to the attack, which exploited a forged ERC-20 permission signature.
Yet Another Phishing Scam: Victim Deprived of 4.2 Million Dollars
As per the findings of the Web3 security firm Scam Sniffer, the victim inadvertently approved multiple transactions using a manipulated ERC-20 authorization, facilitated by an opcode contract designed to circumvent security alerts.
This deceptive method involved the creation of new addresses for each signature, diverting funds from the victim to an unauthorized address before executing the transactions.
For those unfamiliar with the term, opcode malware is a type of malicious software that exploits operation codes in scripting languages across various platforms. Its capacity to redirect funds, authorize unauthorized expenditures, and immobilize assets within smart contracts poses a significant threat, often evading conventional security measures and complicating detection and removal efforts.
Loss of 4.2 Million Dollars in Latest Phishing Attack Victim’s Case
Security experts warn that opcode malware has the capability to take control of a victim’s CPU, memory, and system resources by exploiting vulnerabilities in the operating system, applications, or other software running on the victim’s computer.
Once infiltrated, the malware can execute a series of instructions presented as machine code, enabling it to carry out malicious activities.
Over the past year, there has been a consistent monthly increase in phishing activities, with scammers employing increasingly sophisticated tactics to evade security measures.