ETHSecurity Community

Today our researchers discovered yet another emerging attack vector from the Angel Drainer group — this time phishing users and leading them to a single Safe Vault contract where 128 wallets have been drained of $403k+ so far. All Blockaid-protected users are safe. 🧵

At 6:41am UTC on Monday, February 12th, Angel Drainer group deployed a Safe vault contract—   0xbaee148df4bf81abf9854c9087f0d3a0ffd93dbb— which they have since used to phish and scam users, prompting them to sign a Permit2 with this Safe Vault as the operator.

Protect web3 users from fraud, phishing, and hacks.

We have notified the Safe team and are working with our customers and partners to limit the impact of this drain. To learn more about ongoing threats or to help proactively protect your users from emerging threats, visit Blockaid.io.

This is not an attack on Safe, Safe users are not broadly impacted — rather they decided to use this Safe vault contract because Etherscan automatically adds a verification flag to Safe contracts, which can provide a false sense of security as it’s unrelated to validating whether or not the contract is malicious. 