New Crypto Scam Exploits ERC-2612 Tokens, Drains Wallets Without Transaction Approval

Draining Wallets Without Transaction Approval

Users face a new threat as scammers exploit a vulnerability in ERC-2612 tokens to drain victims’ wallets without needing transaction approval. The scam, circulating on Telegram, has already resulted in significant financial losses for unsuspecting users.

Reports indicate that the scam specifically targets tokens with the ERC-2612 standard, enabling what is known as “gas-less transfers.” This feature allows transfers without having ETH in the wallet to pay gas fees.

While it is convenient for users, it opens up avenues for exploitation by malicious actors. The scam’s modus operandi involves tricking users into signing a message that grants the attacker access to their funds.

One victim, who lost over $600 worth of Open Exchange (OX) tokens, recounted how he fell into a phishing scam. According to him, he visited what he believed to be the official Telegram group for the token’s network, OPNX. Upon entering the group, he was prompted to connect his wallet to prove he was not a bot, unwittingly falling prey to the scam.

Collab.Land Team Confirms Imposter, Urge Vigilance

Upon closer inspection, the fake Telegram group featured a counterfeit version of the Collab.Land verification system, with subtle alterations designed to deceive users. The fraudulent scheme utilized a fake Collab.Land bot profile and directed users to a malicious website.

The attackers employed a technique involving the “Permit” function within the OX token contract, allowing them to authorize transfers on behalf of the victim without their explicit consent. By manipulating the token contract, the attackers set themselves as the “spender” and the victim’s account as the “owner,” draining the funds without requiring traditional transaction approval.

Experts warn that as more tokens adopt the ERC-2612 standard, such attacks may become increasingly prevalent. Thus, they urge users to verify the authenticity of requests before granting access to their wallets. Meanwhile, the Collab.Land team confirmed that it had reported the fraudulent activity to Telegram.

Hackers Exploit DeFi Protocol Blueberry

In a related development, the decentralized finance (DeFi) protocol Blueberry suffered an “ongoing exploit,” prompting quick efforts to mitigate damages. Accordingly, the Blueberry Protocol Foundation has urged users to withdraw funds from the platform’s lending markets.

However, users reported difficulties withdrawing funds as the platform’s front end was inaccessible. Further updates from Blueberry indicate that a semblance of stability is back to the platform as its website resumed regular operation.

Also, the network’s team revealed an individual known as c0ffeebabe.eth had helped intercept the drained fund and safely secured it in the Blueberry multisig. However, efforts were underway to contact the validator and recover the remaining 91 ETH.

White Hat Intervention Secures Majority Of Drained Funds

Initially, the hacker siphoned 457 ETH. However, the intervention of a white hat hacker helped retrieve 366 ETH, returning it to the multi-signature wallet. Nevertheless, Blueberry reiterated that deposited funds remained safe, as the exploit affected only three markets.

With 91 ETH unrecovered, the Foundation has prioritized full repayment to affected users while keeping the protocol paused for security reasons. Blueberry protocol, renowned for its decentralized lending services, allowed leveraged borrowing of up to 20x collateral value and boasted a total value locked (TVL) of $4.5 million, according to DefiLlama. However, its TVL plummeted to $3.15 million following the exploit attempt, highlighting the impact of security breaches on investor confidence within the DeFi ecosystem.