Check Point Research has identified a concerning surge in sophisticated phishing attacks within the cryptocurrency sector, focusing on draining funds from various blockchain networks. This wave of threats employs unique tactics and targets a broad spectrum of networks, including Ethereum, Binance Smart Chain, Polygon, Avalanche, and nearly 20 others.
The investigation uncovered a recurring address, 0x412f10aad96fd78da6736387e2c84931ac20313f, associated with a notorious phishing group known as “Angel Drainer.” Despite the closure of similar groups, such as Inferno Drainer, Angel Drainer persists in its operations, offering wallet-draining scripts and services to hackers for a percentage of the stolen amount.
The Angel Drainer group’s modus operandi involves phishing schemes, deceiving victims into entering wallet details on counterfeit websites. Termed as “crypto drainers,” these malicious programs or scripts unlawfully transfer cryptocurrency from victims’ wallets without consent. These attacks often initiate with fake airdrop or phishing campaigns, luring users through social media or email with promises of free tokens. Victims are directed to fraudulent websites resembling genuine token distribution platforms, where they are asked to connect their wallets, enabling subsequent attacks through malicious smart contracts.
The attackers exploit functions like “permit” to gain access to victims’ funds, often leaving no trace on the blockchain. One particular incident investigated by Check Point Research exposed the Angel Drainer’s technique, involving the deployment of a contract at the address 0x412f10aad96fd78da6736387e2c84931ac20313f. The attackers used a series of smart contract interactions, including a function known as “multicall,” to perform actions on the stETH token contract. The function signatures involved in these operations were “Permit” and “TransferFrom,” demonstrating the exploitation of vulnerabilities in the smart contract’s code.
The exploitation of the “Permit” function allowed the attackers to gain control over the victim’s stETH tokens, ultimately leading to their theft. The Angel Drainer group’s persistence underscores the challenges faced by the cryptocurrency market in protecting users and assets from evolving and persistent threats.