As a new tactic, wallet drainers are now using Multicall, a legitimate feature of Uniswap V3, to circumvent security measures and carry out advanced phishing attacks. It is this strategy that just recently resulted in 85 Lido ETH displacement from a victim who was unfortunately enticed by the fraudulent actions.
How Did the Hacker Do It??
The victim’s experience illustrates the ascending trend for hackers to misuse Permit signatures that make the spender appear as the Uniswap Multicall contract for unauthorized asset transfer.
Web3 anti-scam platform, Scam sniffer, alerted the community with this latest action of scammers. With the help of Multicall’s aggregate function consisting of permit and transfer features, the drainer executed the transaction stealthily and successfully from the victim, who lost 85 Lido ETH, which is nearly 269,620 s per the market rates.
To stay undetected by MEV (Miner Extractable Value) bots, the attacker also performed checks to ensure the authenticity of the originating address which in return made the attacker’s activity masked and made the identification process more difficult.
Although different countermeasures were introduced to cope with this type of threat, front-running still proved to be an insurmountable barrier.
Protecting Yourself From Such an Attack
Developers reacted to this by activating a new version of the Multicall contract with improved permission checks to ensure that front-run attempts won’t take place again. Crypto users owe it to themselves to act with care and not give any token approval to Uniswap Multicall or rather, such similar contracts.
As the ERC token approval function is inherent to the nature of a permissionless environment, phishing attacks can be quite challenging to fight effectively.
As the crypto ecosystem continues to develop, maintaining awareness of the best security practices by staying away from malicious actors, as well as maintaining trust in the decentralized finance system, is vital. Be informed, and stay safe!
Also, Read About the Same Incident: WBTC Investor Loses $71 Million in Deceptive Phishing Attack