Cybercriminals are employing a sophisticated technique called “transaction simulation spoofing” to steal cryptocurrency, with a recent attack resulting in the theft of 143.45 Ethereum (ETH), valued at nearly $460,000.
This exploit, identified by blockchain security platform ScamSniffer, targets vulnerabilities within the transaction simulation features of modern Web3 wallets—tools designed to protect users from malicious and fraudulent transactions.
How the Attack Works
Transaction simulation is a security feature that allows users to preview the outcome of a blockchain transaction before approving and executing it. This function helps users verify transaction details, such as:
- The amount of cryptocurrency being sent or received.
- Applicable gas (transaction) fees.
- Changes to on-chain data resulting from the transaction.
Attackers exploit this feature by directing victims to a fraudulent website disguised as a legitimate platform. On this site, users are prompted to interact with a seemingly harmless “Claim” function. The simulation preview misleadingly shows that the user will receive a small amount of ETH.
However, due to the brief time gap between simulation and actual execution, attackers manipulate the on-chain contract state, altering the transaction’s behavior. When the user approves the transaction based on the simulation, they unknowingly authorize the transfer of their entire cryptocurrency balance to the attacker’s wallet.
ScamSniffer reported a real-world example where a victim signed the deceptive transaction just 30 seconds after the contract state was modified, leading to the loss of 143.45 ETH.
“This new attack vector represents a significant evolution in phishing techniques,” stated ScamSniffer. “Instead of relying on basic deception, attackers are now exploiting trusted wallet features that users depend on for security. This advanced method makes detection much more difficult.”
Mitigation Strategies for Wallet Developers
To counteract such threats, ScamSniffer recommends several security improvements for Web3 wallets:
- Limit Simulation Refresh Rates: Align refresh rates with blockchain block times to reduce the window for manipulation.
- Mandatory Simulation Refresh: Force wallets to refresh simulation results before executing critical actions.
- Expiration Warnings: Implement alerts that notify users when simulation results become outdated.
Precautions for Crypto Holders
For cryptocurrency users, this incident highlights the risks of fully trusting wallet transaction simulations. To enhance security, users should:
- Exercise caution with “free claim” offers on unfamiliar websites.
- Only interact with verified and trusted decentralized applications (dApps).
- Regularly review wallet permissions and revoke access to suspicious platforms.
As phishing tactics grow more sophisticated, staying vigilant and adopting secure practices is crucial for protecting digital assets.