Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Scam Sniffer | Web3 Anti-Scam Profile picture
@realScamSniffer
Jan 10 8 tweets 3 min read Read on X
Scrolly
1/8 🚨 SECURITY ALERT: A victim lost 143.45 ETH ($460,895) through transaction simulation spoofing 1 day ago.

Here's how these attacks work... 🧵 Image
2/8 📱 Transaction simulation is a feature in modern Web3 wallets that shows users the expected outcome of their transactions before signing.

This feature aims to improve transparency and user experience. 🔍 Image
3/8 ⚠️ However, attackers exploit the delay between simulation and execution.

They create phishing sites that manipulate on-chain states immediately after transaction submission. 🕒 Image
4/8 💻 The attack sequence:
• Phishing site initiates a "Claim" ETH transfer
• Wallet simulates tiny ETH receipt (0.000...0001 ETH)
• Backend modifies contract state
• Actual transaction drains wallet Image
5/8 ⚡ Recent example analysis:
• Phishing site modified contract state
• Victim signed transaction ~30 seconds after state change
• Claim function executed
• Resulted in complete wallet drain
All appearing legitimate in simulation ⛓️

etherscan.io/tx/0x014321fba…Image
6/8 🛡️ Protection tips:
• Double-check transaction details
• Verify contract interactions
• Be suspicious of "free claim" offers
• Use trusted dApps only

🛡️ Protect your assets with ScamSniffer extension 🔒
7/8 🔧 Wallet Optimization Suggestions:
• Dynamic refresh based on block time
• Force simulation refresh before signing
• Show simulation timestamps & block heights
• Integrate phishing contract blocklist
• Alert for outdated simulation results
8/8 ⚔️ This represents an advanced evolution in phishing attacks, exploiting trusted wallet features.

Always verify transactions through multiple sources and remain vigilant. 🔐

Read more 👇
drops.scamsniffer.io/transaction-si…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Scam Sniffer | Web3 Anti-Scam

Scam Sniffer | Web3 Anti-Scam Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @realScamSniffer

Scam Sniffer | Web3 Anti-Scam Profile picture
Aug 26
🚨 ALERT: Another victim lost $235,977 in tokens after signing malicious EIP-7702 batch transactions. Image
victim:
0x4897e52525bFb35c2D0B6F4f93090bB9C9E9ddf5

scammers:
0x7fE37417B727Be5CDe96Fb2EfEefc51EA42DfAD8
0x93eF5c6Dc6B82B09D747151fa46C5375BffEc2b5

etherscan.io/tx/0xa2a6a9c8d…
The victim signed EIP-7702 phishing batch transactions that contained multiple token transfers.

tdly.co/tx/0xa2a6a9c8d…Image
Read 4 tweets
Scam Sniffer | Web3 Anti-Scam Profile picture
Dec 10, 2024
1/7 🚨 SECURITY ALERT: New sophisticated scam targeting crypto users through fake Telegram groups.

Attackers are impersonating multiple crypto influencers and using malicious bots for verification. Here's how it works... 🧵 Image
2/7 📱 First, scammers create fake accounts mimicking popular crypto influencers.

They comment on legitimate posts, inviting users to "exclusive" Telegram groups promising alpha and investment insights. 🎭 Image
Image
3/7 ⚠️ Once in the Telegram group, users are immediately prompted to verify through OfficiaISafeguardBot.

This fake bot creates artificial urgency with extremely short verification windows. 🕒 Image
Read 7 tweets
Scam Sniffer | Web3 Anti-Scam Profile picture
Dec 3, 2024
🧵 [1/7] 🚨 ScamSniffer November Phishing Report

$9,380,000 STOLEN
9,208 VICTIMS

November saw one victim lose $661K in stETH within minutes - and that's just the tip of the iceberg.

Let's dive into the dark side of Web3... 🧵 Image
🧵 [2/7] BIGGEST HITS 💸

• $661K stETH (ETH) - Permit
• $409K WBTC (ARB) - Permit
• $344K FET (ETH) - Uniswap Permit2
• $220K USDT (ETH) - Direct Transfer

Pattern? Malicious signatures remain the deadliest weapon 🎯 Image
🧵 [3/7] TREND ANALYSIS 📊

NOV: $9.38M (-53%)
OCT: $20.2M
SEP: $45.8M

Losses are down, but the victim count remains high. Image
Read 7 tweets
Scam Sniffer | Web3 Anti-Scam Profile picture
Oct 11, 2024
🚨 5 hours ago, someone lost 15,079 fwDETH($35M) after signing a "permit" phishing signature.💸 Image
Image
victim:
0xeab23c1e3776fad145e2e3dc56bcf739f6e0a393

scammer:
0x0605edee6a8b8b553cae09abe83b2ebeb75516ec

Token spenders are temporary addresses pre-computed by CREATE2.

Image
Read 4 tweets
Scam Sniffer | Web3 Anti-Scam Profile picture
Oct 4, 2024
🚨 ScamSniffer September Phishing Report
In September, around 10K victims lost approximately $46 million to crypto phishing scams.

In Q3 2024, phishing losses totaled $127 million with an average of 11K victims per month. Two major victims accounted for $87 million. 💸

🧵 [1/8] Image
🧵 [2/8] One victim lost $32 million by signing a permit signature.

As users, always double-check for potential phishing risks before signing anything. 🔍💰

🧵 [3/8] One victim $1 million by copying the wrong address from a contaminated transfer history.

🚫 Never copy the address from transfer histories.
Read 8 tweets
Scam Sniffer | Web3 Anti-Scam Profile picture
Aug 21, 2024
🚨 5 hours ago, a victim lost $55.43M in DAI after signing a phishing transaction targeting its DeFi Saver Proxy.

How did this happen? 👇 Image
By checking 0x2129F8a9b6C3092a600Da82Ce859B7A9a69983E4‘s transactions,

10 hours ago, the victim 0xf2B889437F243396b29E829908b5d8ebE2e13048 executed a `setOwner` transaction.

etherscan.io/address/0x2129…
Image
This resulted in the owner of its DeFiSaver Proxy contract pointing to a phishing address:
0x0000db5c8B030ae20308ac975898E09741e70000

etherscan.io/tx/0xb721c8d60…
Image
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(