Security Agency Scam Sniffer Reveals Same Attacker Steals $585,000 in 11 Hours
Security agency Scam Sniffer disclosed that a user lost approximately $221,000 in WBTC after signing a phishing transaction on Ethereum. The same attacker stole a total of about $585,000 from four victims within approximately 11 hours.
This incident is a typical case of "signature phishing" (approval phishing), where attackers induce users to authorize asset transfer permissions through a forged interface. Once the signature is completed, funds can be transferred without further confirmation. Similar attacks continue to occur in wallet ecosystems like MetaMask, often implemented through social media links and fake front ends.
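The authorization step described above can be checked before a wallet signs. The following added example (not code from Scam Sniffer or any wallet) decodes raw transaction calldata and flags calls that grant a third party spending rights. The report does not say which call was used in this incident, so the standard ERC-20/ERC-721 approval functions, ERC-20 semantics for `approve`, the function name `inspectCalldata`, and the sample spender address are assumptions.

```javascript
// Added example: pre-signing check for approval-granting calldata.
// Selectors are the first 4 bytes of keccak256 of each standard signature.
const APPROVAL_SELECTORS = {
  "095ea7b3": "approve(address,uint256)",           // ERC-20 allowance
  "39509351": "increaseAllowance(address,uint256)", // common ERC-20 extension
  "a22cb465": "setApprovalForAll(address,bool)",    // ERC-721 / ERC-1155
};
const MAX_UINT256 = (1n << 256n) - 1n;

function inspectCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const fn = APPROVAL_SELECTORS[hex.slice(0, 8)];
  if (!fn) return { grantsSpendingRights: false, risk: "none" };
  // The selector (8 hex chars) must be followed by two 32-byte ABI words.
  if (!/^[0-9a-f]{136,}$/.test(hex)) {
    return { grantsSpendingRights: true, fn, risk: "high",
             reason: "malformed approval call" };
  }
  const spender = "0x" + hex.slice(32, 72);        // low 20 bytes of word 1
  const value = BigInt("0x" + hex.slice(72, 136)); // word 2: amount or bool
  if (value === 0n && !fn.startsWith("increaseAllowance")) {
    return { grantsSpendingRights: false, fn, spender, risk: "none",
             reason: "revocation" };
  }
  if (fn.startsWith("setApprovalForAll")) {
    return { grantsSpendingRights: true, fn, spender, risk: "high",
             reason: "operator rights over every token in the collection" };
  }
  const unlimited = value === MAX_UINT256;
  return { grantsSpendingRights: true, fn, spender, amount: value,
           risk: unlimited ? "high" : "review",
           reason: unlimited ? "unlimited allowance" : "bounded allowance" };
}

// Constructed sample: approve(spender, 2^256 - 1) with a made-up spender.
const SAMPLE_SPENDER = "11".repeat(20);
const SAMPLE_UNLIMITED =
  "0x095ea7b3" + "0".repeat(24) + SAMPLE_SPENDER + "f".repeat(64);

console.log(inspectCalldata(SAMPLE_UNLIMITED));
```

A wallet or transaction-screening layer would show the decoded spender and reason to the user and require explicit confirmation for any result with `risk` of `"high"`.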
An English-language security report shows that such drainer tools have become industrialized, supporting bulk attacks and automated transfer paths. Institutions like Chainalysis and SlowMist have also pointed out that signature-based attacks are replacing traditional private key theft and becoming one of the main sources of cryptocurrency asset losses.
Source: Public Information
ABAB AI Insight
This type of incident is not a result of "hacker technology upgrades," but rather a shift in security boundaries. The blockchain system itself remains solid at the consensus and cryptographic levels, but the user's "signature behavior" has become a new attack entry point. Private keys no longer need to be stolen; simply inducing users to complete an authorization on a legitimate interface completes the attack. The security issue has shifted from "system vulnerabilities" to "user interaction design."
The mechanism of signature as authorization is essentially a side effect of disintermediation. In traditional finance, transactions require multiple verifications and intermediary reviews, while on-chain, users have complete control but also bear all risks. This design increases efficiency but shifts risk management responsibility to individuals, exposing ordinary users to complex permission models.
From an industrial perspective, the emergence of drainer tools indicates that attacks have been standardized and modularized, entering a "tool-based crime" phase. Attackers no longer need a deep technical background; they can execute large-scale phishing attacks simply by using ready-made tools, which is highly similar to the industrialization path of early internet phishing emails.
A deeper impact lies in the trust structure. If a large number of users continue to lose assets to signing mistakes, adoption of self-custody models will slow, and more funds will flow back to centralized platforms or custodial services. This tension between "security and decentralization" is reshaping user stratification and infrastructure choices in the cryptocurrency industry.