Angel Drainer Strikes Again: $400k Pilfered from Safe Vault Wallets

Another hack perpetrated by the malicious hacking group Angel Drainer has been uncovered by the Web3 security platform Blockaid. This breach has led to the exposure of funds totaling $403,000 through a compromised smart contract.

Blockaid has promptly notified the Safe Vault team and is collaborating with affected victims to mitigate the impact of the Angel Drainer attack.

Angel Drainer: Safe Vault Exploit

In a series of posts on X (formerly Twitter), Blockaid explained that 128 wallets have been drained by Angel Drainer through the Safe Vault exploit to the total amount of over $403,000.

“This is not an attack on Safe, and Safe users are not broadly impacted — rather they decided to use this Safe vault contract because Etherscan automatically adds a verification flag to Safe contracts.”

The security firm further explained that the verification flag adds a “false sense of security,” for investors, not knowing whether or not the contract itself is malicious.

Links to Malicious Smart Contracts. Source: BlockAid

Read more: Crypto Social Media Scams: How to Stay Safe

Alarming Volume of Crypto Phishing Scams

Web3 anti-scam platform Scam Sniffer has revealed the alarming volume of crypto pilfered in 2023 due to the increasing amount of sophisticated phishing scams.

Last year, Scam Sniffer found that Wallet Drainers took about $295 million from around 324,000 victims.

Total Stolen Crypto Across 2023. Source: Scam Sniffer

Meanwhile, in October 2023, it was reported that scammers were sending phishing emails to Binance account holders in Hong Kong.

Additionally, approximately $3.5 million HKD (around $447,000) had been stolen from Binance users in Hong Kong.

Hong Kong law enforcement advised against storing large amounts of crypto on exchanges. 

“Additionally, large amounts of virtual assets should be stored in offline cold wallets such as external storage devices to reduce the risk of hacking attacks.”

Read more: What Is a Rug Pull? A Guide to the Web3 Scam

However, one significant crypto holder recently experienced a staggering loss of $24 million in a single transaction, according to blockchain security firm PeckShield.

The individual lost a total of 9,579 stETH (Lido staked Ethereum token) and 4,851 rETH (Rocket Pool staked Ethereum token).

Meanwhile, even when verifiable crypto influencers are posting links, investors must be cautious.

On September 9, hackers targeted Ethereum co-founder Vitalik Buterin’s X account. They posted a fraudulent ConsenSys link, swindling almost $700,000 from his followers.