Blockaid

@blockaid

7 Following

150 Followers

Rainbow pfp

Trade with confidence and speed. Aping into coins with Rainbow is easier than ever with swaps and bridging easily accessible in the Onchain Browser — it also has anti-scam protection built in with @blockaid transaction simulator so you can explore and connect to dapps without fear

1 reply

2 recasts

0 reaction

Blockaid pfp

Thanks for you patience!

1 reply

0 recast

1 reaction

Blockaid pfp

Hey @eggman.eth reached out via dm.

0 reply

0 recast

2 reactions

Blockaid pfp

After inspection, the dapp is safe to use. Thanks for reaching out.

1 reply

0 recast

0 reaction

Blockaid pfp

🚨 layerswap’s website has been compromised 🚨 Blockaid enabled wallets are secure

0 reply

1 recast

6 reactions

Blockaid pfp

Proud to be the Official Security Sponsor of ETHDenver See you next week!

0 reply

0 recast

2 reactions

MetaMask 🦊 pfp

🔐Security update time! After integrating privacy-preserving MetaMask Security Alerts powered by @blockaid in October, we are now turning them ON by default for all Extension users and across multiple MetaMask networks. They are not available by default on mobile yet, so please opt-in.

0 reply

1 recast

12 reactions

Blockaid pfp

(9/9) These attacks target active, high-value users who probably shouldn’t have to worry about dust transactions. While all Blockaid-protected users were proactively protected, it’s not enough – we need to protect every transaction in web3 full stop.

0 reply

0 recast

0 reaction

Blockaid pfp

(8/9) About an hour later, the victim falls into scam https://etherscan.io/tx/0xd31b85e7148d840a5c4a5c4a8b125d69148bb9a88e29c23a5fdddec5fe936359 ultimately initiating a 50 ETH transaction, but mistakenly setting the destination as the dust address.

1 reply

0 recast

0 reaction

Blockaid pfp

(7/9) Shortly thereafter we see a ‘dust transaction’ https://etherscan.io/tx/0x9660541a9ec5b504b2c6efe72b524ed1a0c51d9edea9923ef433ac169418c885 where a fake dust address (0x4f512487a746AB1638B5fFb0D8321dBDFA6Fb8eA) similar to the previous transaction destination sent a small amount of ETH to the victim address.

1 reply

0 recast

0 reaction

Blockaid pfp

(6/9) We first see a Legitimate transaction https://etherscan.io/tx/0xfa832644aebf26ab93073d7dd019340634e09e7a301005535973971ea72de321 where the victim (0x16287a517499a467A349b70764A4ecAE56D1d2c9) sent 25.81 ETH to a legit destination (0x4f512126668388328EeA49732DE1249bf86Eb8Ea).

1 reply

0 recast

0 reaction

Blockaid pfp

(5/9) Here’s a live example of the user who was tricked into sending 50ETH to an attacker’s fake address:

1 reply

0 recast

0 reaction

Blockaid pfp

(4/9) The dust addresses send back a fixed portion of the value from the targeted transaction using a counterfeit address, intending to deceive users into mistakenly using this fake address for future transactions, potentially leading to significant loss of funds.

1 reply

0 recast

0 reaction

Blockaid pfp

(3/9) These dust transactions emanate from addresses that match the first and last characters of the fake address to legitimate addresses previously transacted with by a given user. This sophisticated method targets wallets engaged in high-value Ethereum transactions.

1 reply

0 recast

0 reaction

Blockaid pfp

Since January 1st of this year, there have been over 105,000 dust attacks, resulting in 33 incidents that collectively lost 591 ETH (~$1.7M). Including one attack that represented a loss of 261 ETH and another that resulted in the loss of 136.7 ETH. 🧵

1 reply

0 recast

0 reaction

Blockaid pfp

(2/9) But what is a dust attack? Essentially dust attack involves tiny, unsolicited cryptocurrency transactions sent to multiple wallets. The attackers ultimately hope to trick users into interacting with these small deposits, which could expose them to vulnerabilities.

1 reply

0 recast

0 reaction

Blockaid pfp

TFW the team is so passionate about web3 security that we get excited when security research is attributed to us on Etherscan

0 reply

0 recast

2 reactions

Blockaid pfp

We have notified the Safe team and are working with our customers and partners to limit the impact of this drain. To learn more about ongoing threats or to help proactively protect your users from emerging threats, visit Blockaid.io.

0 reply

0 recast

0 reaction

Blockaid pfp

This is not an attack on Safe, Safe users are not broadly impacted — rather they decided to use this Safe vault contract because Etherscan automatically adds a verification flag to Safe contracts, which can provide a false sense of security as it’s unrelated to validating whether or not the contract is malicious.

1 reply

0 recast

0 reaction

Blockaid pfp

Today our researchers discovered yet another emerging attack vector from the Angel Drainer group — this time phishing users and leading them to a single Safe Vault contract where 128 wallets have been drained of $403k+ so far. All Blockaid-protected users are safe. 🧵

1 reply

0 recast

1 reaction