Briefing

A sophisticated phishing attack successfully compromised an unidentified investor’s 2-of-4 Safe multi-signature wallet, resulting in the unauthorized transfer of assets. The primary consequence involved the draining of over $3 million in USDC, which the attacker rapidly converted to Ethereum and routed through Tornado Cash. This incident highlights a critical vulnerability in user transaction verification processes and the evolving tactics of threat actors. The total financial impact of the exploit stands at $3.047 million in USDC.


Context

Prior to this incident, the digital asset landscape had faced persistent phishing threats targeting user approvals and wallet permissions. The prevailing attack surface includes interfaces where users authorize transactions, which leaves them susceptible to social engineering and malicious contract interactions. A known class of vulnerability involves attackers deploying seemingly legitimate, Etherscan-verified contracts to masquerade as trusted entities, a tactic this exploit effectively leveraged.


Analysis

The attack began with the attacker deploying a fake, Etherscan-verified contract weeks in advance, programmed with deceptive “batch payment” functions. The system compromised was the victim’s multi-signature wallet, and the compromise was facilitated through the Request Finance app interface. The attacker crafted the fraudulent contract's address to mirror the legitimate recipient’s address, using identical first and last characters.

This enabled the malicious approval to be disguised within the Safe Multi Send mechanism, appearing as a routine authorization. The chain of cause and effect shows the attacker’s strategic preparation, exploiting the victim’s trust and the complexity of transaction details to gain unauthorized control over funds.


Parameters

  • Protocol/Wallet Targeted → Unidentified investor’s 2-of-4 Safe multi-signature wallet
  • Vulnerability Type → Sophisticated Phishing, Malicious Contract Approval
  • Financial Impact → $3.047 Million USDC
  • Blockchain Affected → Ethereum
  • Attack Vector Detail → Fake Etherscan-verified contract mimicking legitimate address, exploiting Safe Multi Send mechanism
  • On-Chain Forensics → Funds swapped to Ethereum and routed to Tornado Cash
  • Initial Flagging → ZachXBT on September 11, 2025
  • App Interface Exploited → Request Finance app


Outlook

Immediate mitigation steps for users involve heightened scrutiny of all transaction approval requests, particularly when interacting with multi-send mechanisms. Users must verify the full contract address and not rely solely on partial matching. This incident will likely establish new security best practices emphasizing enhanced client-side validation and improved user interface transparency for complex transaction types. The contagion risk extends to any protocol or user relying on similar multi-send or batch transaction functionalities without robust, explicit authorization checks.
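
One way to apply the full-address check to a Safe MultiSend batch before signing, as an added example that is not code from the source article, Safe or Request Finance: it unpacks the batch (each inner transaction is packed as a 1-byte operation, 20-byte target, 32-byte value, 32-byte data length, then the data) and flags any approval spender or call target that matches a trusted address only in its first and last bytes. The addresses, the trusted set and the helper names are constructed for illustration, and it assumes the approval is a standard ERC-20 `approve` call.

```python
# Added example: review a Safe MultiSend batch using full 20-byte address comparison.
APPROVE = bytes.fromhex("095ea7b3")  # ERC-20 approve(address,uint256) selector

def pack(op, to, value, data):
    return bytes([op]) + to + value.to_bytes(32, "big") + len(data).to_bytes(32, "big") + data

def decode_multisend(blob):
    """Yield (operation, to, value, data) for each packed inner transaction."""
    i = 0
    while i < len(blob):
        if len(blob) - i < 85:  # 1 + 20 + 32 + 32 header bytes
            raise ValueError("truncated MultiSend header")
        n = int.from_bytes(blob[i + 53:i + 85], "big")
        data = blob[i + 85:i + 85 + n]
        if len(data) != n:
            raise ValueError("truncated MultiSend data")
        yield blob[i], blob[i + 1:i + 21], int.from_bytes(blob[i + 21:i + 53], "big"), data
        i += 85 + n

def classify(addr, trusted, k=2):
    """'trusted' only on a full match; 'lookalike' if just the first/last k bytes match."""
    if addr in trusted:
        return "trusted"
    if any(addr[:k] == t[:k] and addr[-k:] == t[-k:] for t in trusted):
        return "lookalike"
    return "unknown"

def review(blob, trusted):
    """Return (index, reason, address_hex) for each inner call a signer should stop on."""
    findings = []
    for idx, (_op, to, _value, data) in enumerate(decode_multisend(blob)):
        if classify(to, trusted) == "lookalike":
            findings.append((idx, "call target is a lookalike", to.hex()))
        if data[:4] == APPROVE and len(data) >= 68:
            spender = data[16:36]  # address is right-aligned in the first 32-byte word
            verdict = classify(spender, trusted)
            if verdict != "trusted":
                findings.append((idx, f"approve to {verdict} spender", spender.hex()))
    return findings

# Constructed sample data: none of these are addresses from the incident.
LEGIT = bytes.fromhex("abcd" + "11" * 16 + "ef01")
FAKE = bytes.fromhex("abcd" + "99" * 16 + "ef01")  # same first/last 2 bytes as LEGIT
TOKEN = bytes.fromhex("22" * 20)
def approve(spender, amount):
    return APPROVE + spender.rjust(32, b"\0") + amount.to_bytes(32, "big")

BATCH = pack(0, TOKEN, 0, approve(LEGIT, 1000)) + pack(0, TOKEN, 0, approve(FAKE, 2**256 - 1))
FINDINGS = review(BATCH, {LEGIT, TOKEN})
print(FINDINGS)
```

The second inner call is the only one reported: its spender shares the trusted address's first and last bytes but differs in the middle, which a truncated display would hide.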


Verdict

This incident underscores the critical necessity for advanced user education and robust protocol-level safeguards against increasingly sophisticated social engineering and contract impersonation tactics.

Signal Acquired from → cryptoslate.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

malicious contract

Definition ∞ A malicious contract is a piece of code, often a smart contract on a blockchain, designed with the intent to deceive, defraud, or harm users.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

transaction

Definition ∞ A transaction is a record of the movement of digital assets or the execution of a smart contract on a blockchain.

wallet

Definition ∞ A digital wallet is a software or hardware application that stores public and private keys, enabling users to send, receive, and manage their digital assets on a blockchain.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

ethereum

Definition ∞ Ethereum is a decentralized, open-source blockchain system that facilitates the creation and execution of smart contracts and decentralized applications (dApps).

contract

Definition ∞ A 'Contract' is a set of rules and code that automatically executes when predefined conditions are met.

tornado cash

Definition ∞ Tornado Cash is a decentralized cryptocurrency mixing service designed to enhance user privacy by obscuring the transaction history of digital assets.

interface

Definition ∞ An interface is a point where two systems, subjects, organizations, etc.

users

Definition ∞ Users are individuals or entities that interact with digital assets, blockchain networks, or decentralized applications.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.