Uncovering a $4.2m Phishing Attack with Malicious Opcode: How a Web3 Anti-Scam Investigator Exposed the Scam

Uncovering a $4.2m Phishing Attack with Malicious Opcode: How a Web3 Anti-Scam Investigator Exposed the Scam


Web3 sleuth exposes phishing scam that resulted in $4.2 million loss through a harmful opcode


On January 22, an unidentified individual suffered a loss of $4.2 million in aEthWETH and aEthUNI tokens.


As reported by a crypto researcher known as @realscamsniffer, an individual who remains unidentified lost a total of $4.2 million in aEthWETH and aEthUNI after conducting transactions with a forged ERC-20 permission signature.


The individual who was affected authorized multiple transactions through an ERC-20 approval that utilized a contract containing an opcode to circumvent security alerts. This resulted in the creation of new addresses for each signature prior to the execution of the transaction, ultimately redirecting the victim's funds from their original address to an unauthorized one.


The term "Opcode malware" in relation to cryptocurrency hacks describes harmful computer programs that take advantage of the operation codes utilized in the scripting languages of different cryptocurrency platforms. This type of malware can, for example, redirect cryptocurrency to the attacker's account, authorize the attacker to use other users' funds, or immobilize assets within a smart contract.


According to the X user, it is important for traders to exercise caution when signing and approving transactions. They should pay special attention to warnings from Web3 wallet apps. Furthermore, experts recommend a practice called "do your own research" (DYOR) when dealing with cryptocurrency, which involves taking personal responsibility and being knowledgeable about various forms of phishing and scams.


During November of 2023, an individual using Uniswap suffered a loss of over $700,000 within mere seconds after setting up a liquidity pool. This was caused by an increase in MEV bots, potentially due to a mistake in the configuration. The transaction caught the interest of MEV bots, whose main goal was to maximize their profits by rearranging transactions within a block.


In 2023, phishing attacks were responsible for causing users to lose almost $295 million, according to an annual report from the crypto expert @realscamsniffer. These attacks were found to be the most frequently utilized form of scam by hackers in the crypto industry, as reported by crypto news sources.


The following is a list of steps that can be taken to avoid plagiarism. Make sure to follow these steps to ensure that your work is original and properly cited:


  1. Understand the definition of plagiarism and what it entails.
  2. Take time to properly research and gather information from various sources.
  3. Use your own words to express ideas and concepts, rather than copying directly from a source.
  4. Always cite your sources using the appropriate citation style.
  5. Use quotation marks when directly quoting a source.
  6. Use paraphrasing to reword information from a source in your own words.
  7. Double check your work for any unintentional plagiarism.
  8. When in doubt, always cite your sources to avoid any potential issues.
  9. Seek guidance from your instructor or a writing center if you are unsure about proper citation techniques.
  10. Remember, plagiarism is a serious offense and can have severe consequences, so make sure to always prioritize originality and proper citation in your work.