By: Eliza Bennet
A recent sophisticated phishing attack has resulted in the theft of over $3 million from a crypto investor's wallet, as revealed by blockchain investigator ZachXBT. Using a malicious contract, the attacker successfully drained $3.047 million in USDC from the victim’s wallet on September 11. The stolen funds were quickly converted into Ethereum and channeled through Tornado Cash, a service that provides anonymity for cryptocurrency transactions.
Security expert and founder of SlowMist, Yu Xian, provided insights into how the exploit was executed. The victim's wallet, a 2-of-4 Safe multi-signature setup, was compromised through a clever phishing technique. The attacker lured the victim into authorizing transfers to a fraudulent address that mimicked the legitimate recipient's address. Because the fraudulent address shared the same first and last characters as the legitimate one, the malicious contract's transaction was nearly indistinguishable from the intended legitimate transaction.
The breach utilized the Safe Multi Send mechanism, embedding unauthorized approvals in what appeared to be routine transactions. This sophisticated approach enabled the attacker to bypass standard detection measures. Further investigation revealed that the groundwork for the attack was laid well in advance. According to Scam Sniffer, a fake but Etherscan-verified contract featuring multiple "batch payment" functions was deployed nearly two weeks prior to the exploit. This contract was designed to resemble a genuine feature of the Request Finance app interface, allowing the hacker to gain access to the victim’s funds.
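The two tricks described above, an approval hidden inside a Multi Send batch and a recipient that only matches a trusted address at its edges, are exactly what a signer's pre-signing check should surface. The following is an added example (not code from the article, Safe, or Request Finance) that decodes a MultiSend-packed batch and flags `approve()` calls and look-alike addresses; the addresses and token in the sample batch are constructed, and the `edge` width of four characters is an assumption.

```python
# Added example, not code from the article or from Safe/Request Finance: decode a
# Safe MultiSend batch and flag what a multisig signer should inspect before signing.
APPROVE = bytes.fromhex("095ea7b3")   # selector of approve(address,uint256)
TRANSFER = bytes.fromhex("a9059cbb")  # selector of transfer(address,uint256)

def decode_multisend(packed: bytes) -> list[tuple[int, str, int, bytes]]:
    """Parse MultiSend packing: op(1) | to(20) | value(32) | dataLen(32) | data."""
    calls, i = [], 0
    while i < len(packed):
        op = packed[i]                                   # 0 = CALL, 1 = DELEGATECALL
        to = "0x" + packed[i + 1:i + 21].hex()
        value = int.from_bytes(packed[i + 21:i + 53], "big")
        length = int.from_bytes(packed[i + 53:i + 85], "big")
        data = packed[i + 85:i + 85 + length]
        if len(data) != length:
            raise ValueError("truncated MultiSend payload")
        calls.append((op, to, value, data))
        i += 85 + length
    return calls

def looks_alike(addr: str, trusted: str, edge: int = 4) -> bool:
    """Same first/last hex characters as a trusted address, yet a different address."""
    a, t = addr.lower(), trusted.lower()
    return a != t and a[2:2 + edge] == t[2:2 + edge] and a[-edge:] == t[-edge:]

def review_batch(packed: bytes, trusted: set[str]) -> list[str]:
    """Return findings a signer should read before approving the batch."""
    trusted, findings = {t.lower() for t in trusted}, []
    for n, (op, to, _value, data) in enumerate(decode_multisend(packed)):
        sel, target = data[:4], "0x" + data[16:36].hex()  # address = low 20 bytes of word 1
        if sel == APPROVE:
            findings.append(f"call {n}: approve() on token {to} for spender {target}")
        if sel in (APPROVE, TRANSFER) and target not in trusted \
                and any(looks_alike(target, t) for t in trusted):
            findings.append(f"call {n}: {target} resembles a trusted address but differs")
    return findings

def pack_call(op: int, to: str, value: int, data: bytes) -> bytes:  # builds one entry
    return bytes([op]) + bytes.fromhex(to[2:]) + value.to_bytes(32, "big") \
        + len(data).to_bytes(32, "big") + data

# Constructed sample batch: a routine transfer to the genuine payee, followed by an
# approve() whose spender shares the payee's first and last four characters only.
PAYEE = "0x1a2b" + "9c" * 16 + "3d4e"       # constructed, not a real address
LOOKALIKE = "0x1a2b" + "00" * 16 + "3d4e"   # constructed look-alike
TOKEN = "0x" + "11" * 20                     # placeholder token contract
word = lambda addr: bytes(12) + bytes.fromhex(addr[2:])  # left-pad address to 32 bytes
SAMPLE = pack_call(0, TOKEN, 0, TRANSFER + word(PAYEE) + (10**6).to_bytes(32, "big")) \
       + pack_call(0, TOKEN, 0, APPROVE + word(LOOKALIKE) + (2**256 - 1).to_bytes(32, "big"))
```

Running `review_batch(SAMPLE, {PAYEE})` reports the approve() in the second call and that its spender only resembles the trusted payee; the first, genuine transfer produces no finding.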
In response, Request Finance confirmed that the malicious actor had exploited a fraudulent version of its Batch Payment contract. The company reassured the public that only one customer was affected and that the vulnerability had been rectified. However, the incident has raised alarming concerns about phishing attacks in the cryptocurrency ecosystem. Blockchain security firms warn that such sophisticated exploits could emerge from various sources, including compromised apps, malware, browser extensions, or DNS hijacking. The use of verified contracts and nearly identical addresses highlights the evolving threat landscape, underscoring the need for heightened vigilance among cryptocurrency users.