Summary: Threat actors are utilizing a new tactic known as “transaction simulation spoofing” to steal cryptocurrency, successfully executing an attack that resulted in the theft of 143.45 Ethereum, valued at around $460,000. This method exploits flaws in transaction simulation mechanisms in Web3 wallets, which are intended to protect users from fraudulent activities.
Threat Actor: Unknown | unknown
Victim: Individual | individual
Key Point :
- Attackers create a malicious website that mimics legitimate platforms, tricking users into initiating a deceptive “Claim” function.
- The time delay between transaction simulation and execution allows attackers to manipulate the on-chain contract state, leading to asset theft.
- ScamSniffer warns that this sophisticated phishing technique exploits trusted wallet features, making detection difficult.
- Recommendations include reducing simulation refresh rates and adding expiration warnings to enhance user security.
- Cryptocurrency holders should exercise caution with “free claim” offers on obscure websites and only use verified dApps.