Cybercriminals are employing a sophisticated technique called “transaction simulation spoofing” to steal cryptocurrency, with a recent attack resulting in the theft of 143.45 Ethereum (ETH), valued at nearly $460,000.
This exploit, identified by blockchain security platform ScamSniffer, targets vulnerabilities within the transaction simulation features of modern Web3 wallets—tools designed to protect users from malicious and fraudulent transactions.
How the Attack Works
Transaction simulation is a security feature that allows users to preview the outcome of a blockchain transaction before approving and executing it. This function helps users verify transaction details, such as:
- The amount of cryptocurrency being sent or received.
- Applicable gas (transaction) fees.
- Changes to on-chain data resulting from the transaction.
Attackers exploit this feature by directing victims to a fraudulent website disguised as a legitimate platform. On this site, users are prompted to interact with a seemingly harmless “Claim” function. The simulation preview misleadingly shows that the user will receive a small amount of ETH.
However, due
[…]
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents