New Crypto Scam Exploits ERC-2612 Tokens, Drains Wallets Without Transaction Approval
Draining Wallets Without Transaction Approval
Users face a new threat as scammers exploit a vulnerability in ERC-2612 tokens to drain victims’ wallets without needing transaction approval. The scam, circulating on Telegram, has already resulted in significant financial losses for unsuspecting users.
Reports indicate that the scam specifically targets tokens with the ERC-2612 standard, enabling what is known as “gas-less transfers.” This feature allows transfers without having ETH in the wallet to pay gas fees.
While it is convenient for users, it opens up avenues for exploitation by malicious actors. The scam’s modus operandi involves tricking users into signing a message that grants the attacker access to their funds.
One victim, who lost over $600 worth of Open Exchange (OX) tokens, recounted how he fell into a phishing scam. According to him, he visited what he believed to be the official Telegram group for the token’s network, OPNX. Upon entering the group, he was prompted to connect his wallet to prove he was not a bot, unwittingly falling prey to the scam.
Collab.Land Team Confirms Imposter, Urge Vigilance
Upon closer inspection, the fake Telegram group featured a counterfeit version of the Collab.Land verification system, with subtle alterations designed to deceive users. The fraudulent scheme utilized a fake Collab.Land bot profile and directed users to a malicious website.
The attackers employed a technique involving the “Permit” function within the OX token contract, allowing them to authorize transfers on behalf of the victim without the victim knowingly approving them. Using the message the victim had been tricked into signing, the attackers set themselves as the “spender” and the victim’s account as the “owner,” draining the funds without requiring traditional transaction approval.
Experts warn that as more tokens adopt the ERC-2612 standard, such attacks may become increasingly prevalent. Thus, they urge users to verify the authenticity of requests before granting access to their wallets. Meanwhile, the Collab.Land team confirmed that it had reported the fraudulent activity to Telegram.
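A Permit request can be recognised before it is signed. The following is an added example, not code from the article, Collab.Land or any wallet: it inspects an EIP-712 typed-data signing request and flags an ERC-2612 Permit, the message type that names a “spender” and an “owner” as described above. The function name, the trusted-spender list, the one-hour threshold and all addresses are assumptions constructed for illustration.

```javascript
// Added example: wallet-side inspection of an EIP-712 signing request.
// Field names follow the ERC-2612 Permit struct; addresses below are constructed.
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];
const MAX_UINT256 = (1n << 256n) - 1n;

function inspectSigningRequest(typedData, trustedSpenders, nowSeconds) {
  const fields = ((typedData.types || {})[typedData.primaryType] || []).map(f => f.name);
  const isPermit = typedData.primaryType === "Permit" &&
    PERMIT_FIELDS.every(name => fields.includes(name));
  if (!isPermit) return { isPermit: false, warnings: [] };

  const m = typedData.message;
  const value = BigInt(m.value);
  const deadline = BigInt(m.deadline);
  const spender = m.spender.toLowerCase();
  const warnings = ["Signing this grants a token allowance; it is not a login or bot check."];
  if (!trustedSpenders.map(a => a.toLowerCase()).includes(spender)) {
    warnings.push("Spender " + spender + " is not a recognised contract.");
  }
  if (value === MAX_UINT256) warnings.push("Allowance is unlimited.");
  if (deadline - BigInt(nowSeconds) > 3600n) {
    warnings.push("Permit stays valid for more than one hour.");
  }
  return {
    isPermit: true,
    token: typedData.domain.verifyingContract,
    owner: m.owner, spender, value, deadline, warnings,
  };
}

// Constructed sample request, shaped like an eth_signTypedData_v4 payload.
const sampleRequest = {
  primaryType: "Permit",
  types: { Permit: [
    { name: "owner", type: "address" }, { name: "spender", type: "address" },
    { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" },
    { name: "deadline", type: "uint256" } ] },
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x00000000000000000000000000000000000000AA" },
  message: { owner: "0x00000000000000000000000000000000000000B1",
             spender: "0x00000000000000000000000000000000000000C2",
             value: MAX_UINT256.toString(), nonce: "0", deadline: "1900000000" },
};

const report = inspectSigningRequest(sampleRequest, [], 1700000000);
console.log(report.warnings.join("\n"));
```

A request that a site presents as proof of not being a bot but that parses as a Permit is the mismatch to look for; a genuine verification prompt has no reason to carry a spender, value and deadline.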
Hackers Exploit DeFi Protocol Blueberry
In a related development, the decentralized finance (DeFi) protocol Blueberry suffered an “ongoing exploit,” prompting quick efforts to mitigate damages. Accordingly, the Blueberry Protocol Foundation has urged users to withdraw funds from the platform’s lending markets.
However, users reported difficulties withdrawing funds as the platform’s front end was inaccessible. Further updates from Blueberry indicate that a semblance of stability has returned to the platform as its website resumed regular operation.
Also, the network’s team revealed that an individual known as c0ffeebabe.eth had helped intercept the drained funds and secure them in the Blueberry multisig. However, efforts were underway to contact the validator and recover the remaining 91 ETH.
White Hat Intervention Secures Majority Of Drained Funds
Initially, the hacker siphoned 457 ETH. However, the intervention of a white hat hacker helped retrieve 366 ETH, returning it to the multi-signature wallet. Nevertheless, Blueberry reiterated that deposited funds remained safe, as the exploit affected only three markets.
With 91 ETH unrecovered, the Foundation has prioritized full repayment to affected users while keeping the protocol paused for security reasons. Blueberry protocol, renowned for its decentralized lending services, allowed leveraged borrowing of up to 20x collateral value and boasted a total value locked (TVL) of $4.5 million, according to DefiLlama. However, its TVL plummeted to $3.15 million following the exploit attempt, highlighting the impact of security breaches on investor confidence within the DeFi ecosystem.