
Dormant Web3 wallet hacked for $908K in rare phishing attack, highlighting urgent need to revoke old approvals and stay vigilant.

In a recent and rare cyberattack, a dormant Web3 wallet was drained of approximately $908,551 in USDC. According to data from Scam Sniffer, the wallet had been inactive for over 1.5 years before becoming the target of a sophisticated phishing scheme.

The attacker used a signed phishing authorization, which gave them access to the contents of the wallet. Only a month ago, the wallet transferred the entire sum, which was then lost within a couple of hours after the phishing authorization came into effect. The hack highlights a growing issue within the Web3 ecosystem: dormant wallets can be put in danger by their earlier authorizations or by security negligence.

Web3 Users Warned to Revoke Old Token Approvals

The theft relied on a common Web3 technique known as phishing authorization. Here, the owner of the wallet unknowingly signed a malicious transaction (an approval). Such a phishing scam can be presented as a legitimate decentralized application (dApp), which makes it hard to notice.

Notably, the attacker used a technique called Permit Phishing. It relies on the “Permit” operation of ERC-20 tokens, which lets users authorize token transfers by signing a message off-chain. Since these approvals are not on-chain, they are more difficult to detect and easier for attackers to exploit. According to Check Point Software, the attacker used this functionality to get the user to sign a message with their private key that provided access to the funds.
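The check below is an added example, not code from the article or from any wallet: it inspects a typed-data signing request of the kind a wallet receives and flags ERC-20 Permit messages (EIP-2612 field names) before the user signs. The allowlisted spender, the one-day threshold and the sample request are constructed assumptions.

```javascript
// Added example: triage a typed-data signing request before it is signed.
// KNOWN_SPENDERS, ONE_DAY and SAMPLE_REQUEST are constructed for illustration.
const MAX_UINT256 = (1n << 256n) - 1n;
const ONE_DAY = 86400n;
const KNOWN_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

function reviewTypedData(request, nowSeconds) {
  const { primaryType, domain = {}, message = {} } = request;
  // EIP-2612 permits use primaryType "Permit" with the fields
  // owner, spender, value, nonce and deadline.
  if (primaryType !== "Permit" || message.spender === undefined) {
    return { isPermit: false, flags: [] };
  }
  const flags = [];
  const spender = String(message.spender).toLowerCase();
  if (!KNOWN_SPENDERS.has(spender)) flags.push("UNKNOWN_SPENDER");
  if (message.value !== undefined && BigInt(message.value) === MAX_UINT256) {
    flags.push("UNLIMITED_ALLOWANCE");
  }
  // A signature that stays valid for a long time can be held and submitted later.
  if (BigInt(message.deadline ?? 0) - BigInt(nowSeconds) > ONE_DAY) {
    flags.push("LONG_DEADLINE");
  }
  return {
    isPermit: true,
    token: domain.verifyingContract,
    spender,
    flags,
    summary: `Signing lets ${spender} spend token ${domain.verifyingContract} ` +
             `with no on-chain approval transaction from this wallet`,
  };
}

// Constructed sample: a Permit request with an unknown spender,
// an unlimited value and a deadline in the year 2100.
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1,
            verifyingContract: "0x2222222222222222222222222222222222222222" },
  message: {
    owner: "0x3333333333333333333333333333333333333333",
    spender: "0x4444444444444444444444444444444444444444",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "4102444800",
  },
};

console.log(reviewTypedData(SAMPLE_REQUEST, 1700000000));
```

Because a Permit signature costs no gas and shows no transaction at signing time, a wallet prompt that surfaces the spender, amount and deadline in plain terms is the user's main chance to notice it.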

The wallet's history also included interactions with MetaMask Swaps and Kraken, which can be regarded as reliable. This adds another layer of complexity, because it implies that malicious transactions may sometimes be mixed in with legitimate ones, making them even harder to detect. The incident is a critical lesson for Web3 users on the need to revoke old token approvals, regardless of whether the wallet is in use or not. Leftover permissions can expose a wallet that is not even in use to possible exploitation.

Users Warned to Double-Check URLs and Addresses

Experts have emphasized the need for vigilance in the Web3 environment. Security companies such as Immunefi advise people to check wallet activity regularly and to be aware of phishing strategies. Even minuscule crypto holdings are targets, particularly when an attacker identifies a vulnerability of any sort. To defend their assets, users should always verify URLs, recipient addresses, and transaction details before confirming any request. Furthermore, it is of utmost importance to be wary of any pop-ups or requests on unfamiliar platforms.

To avoid such attacks in the future, a number of best practices are recommended. First, users should disconnect their wallets once they have finished using any dApp or Web3 site they connected to. This reduces the chances of background access. Second, token approvals must be regularly checked and revoked with the help of trusted tools available on each network. Third, before using a dApp, it is critical to research it properly. Lastly, wallet or app security alerts must not be overlooked, as they could be some of the first signs of malicious activity.


This event is ultimately a wake-up call for the whole Web3 community. It shows that old wallets, even if unused for years, can still be hacked. Scammers are using more advanced tricks every day. Therefore, users must stay alert and protect their crypto. They should also follow better wallet hygiene to stay safe.
