Briefing

A sophisticated phishing attack successfully compromised an unidentified investor’s 2-of-4 Safe multi-signature wallet, resulting in the unauthorized transfer of assets. The primary consequence involved the draining of over $3 million in USDC, which the attacker rapidly converted to Ethereum and routed through Tornado Cash. This incident highlights a critical vulnerability in user transaction verification processes and the evolving tactics of threat actors. The total financial impact of the exploit stands at $3.047 million in USDC.

Context

Before this incident, the digital asset landscape already faced persistent phishing threats targeting user approvals and wallet permissions. The prevailing attack surface includes the interfaces where users authorize transactions, which leaves them susceptible to social engineering and malicious contract interactions. A known class of vulnerability involves attackers deploying seemingly legitimate, Etherscan-verified contracts to masquerade as trusted entities, a tactic this exploit effectively leveraged.

Analysis

The attack began with the attacker deploying a fake, Etherscan-verified contract weeks in advance, programmed with deceptive “batch payment” functions. The system compromised was the victim’s multi-signature wallet, and the compromise was facilitated through the Request Finance app interface. The attacker crafted the fraudulent contract's address to mirror the legitimate recipient’s address, using identical first and last characters.

This enabled the malicious approval to be disguised within the Safe Multi Send mechanism, appearing as a routine authorization. The chain of cause and effect shows the attacker’s strategic preparation, exploiting the victim’s trust and the complexity of transaction details to gain unauthorized control over funds.

Parameters

  • Protocol/Wallet Targeted ∞ Unidentified investor’s 2-of-4 Safe multi-signature wallet
  • Vulnerability Type ∞ Sophisticated Phishing, Malicious Contract Approval
  • Financial Impact ∞ $3.047 Million USDC
  • Blockchain Affected ∞ Ethereum
  • Attack Vector Detail ∞ Fake Etherscan-verified contract mimicking legitimate address, exploiting Safe Multi Send mechanism
  • On-Chain Forensics ∞ Funds swapped to Ethereum and routed to Tornado Cash
  • Initial Flagging ∞ ZachXBT on September 11, 2025
  • App Interface Exploited ∞ Request Finance app

Outlook

Immediate mitigation steps for users involve heightened scrutiny of all transaction approval requests, particularly when interacting with multi-send mechanisms. Users must verify the full contract address and not solely rely on partial matching. This incident will likely establish new security best practices emphasizing enhanced client-side validation and improved user interface transparency for complex transaction types. The contagion risk extends to any protocol or user relying on similar multi-send or batch transaction functionalities without robust, explicit authorization checks.
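One way to apply the full-address check to a batch before signing, as an added example that is not part of the original report or of any Safe or Request Finance code: it decodes the packed MultiSend payload (per entry: 1-byte operation, 20-byte target, 32-byte value, 32-byte data length, data) and flags every ERC-20 `approve` whose spender is not an exact allowlist match, noting when it shares the first and last characters of a trusted address. All addresses are constructed and the function names are hypothetical.

```python
# Added example: constructed data; addresses and helper names are hypothetical.
APPROVE = bytes.fromhex("095ea7b3")  # ERC-20 approve(address,uint256) selector

def decode_multisend(packed):
    """Split MultiSend packed bytes into (operation, to, value, data) tuples."""
    txs, i = [], 0
    while i < len(packed):
        head = packed[i:i + 85]  # 1 op + 20 to + 32 value + 32 data length
        if len(head) < 85:
            raise ValueError("truncated entry header")
        dlen = int.from_bytes(head[53:85], "big")
        data = packed[i + 85:i + 85 + dlen]
        if len(data) != dlen:
            raise ValueError("truncated entry data")
        txs.append((head[0], "0x" + head[1:21].hex(),
                    int.from_bytes(head[21:53], "big"), data))
        i += 85 + dlen
    return txs

def lookalike(addr, trusted, n=4):
    """Return the trusted address that addr imitates in its first/last n hex chars."""
    a = addr.lower()
    for t in (x.lower() for x in trusted):
        if a != t and a[2:2 + n] == t[2:2 + n] and a[-n:] == t[-n:]:
            return t
    return None

def review_batch(packed, trusted):
    """Flag approve() calls whose spender is not an exact, full-address match."""
    allowed = {t.lower() for t in trusted}
    findings = []
    for idx, (_op, to, _value, data) in enumerate(decode_multisend(packed)):
        if data[:4] == APPROVE and len(data) >= 68:
            spender = "0x" + data[16:36].hex()  # low 20 bytes of the first word
            if spender not in allowed:
                findings.append((idx, to, spender, lookalike(spender, trusted)))
    return findings

def pack_entry(to, data):  # builds one constructed entry (operation 0 = call)
    return (b"\x00" + bytes.fromhex(to[2:]) + bytes(32)
            + len(data).to_bytes(32, "big") + data)

def approve_call(spender, amount):  # builds constructed approve() calldata
    return APPROVE + bytes.fromhex(spender[2:]).rjust(32, b"\0") + amount.to_bytes(32, "big")

TOKEN = "0x" + "aa" * 20                  # constructed token contract
TRUSTED = "0xb1f2" + "11" * 16 + "9a3c"   # constructed legitimate recipient
FAKE = "0xb1f2" + "77" * 16 + "9a3c"      # constructed look-alike contract
SAMPLE = pack_entry(TOKEN, approve_call(TRUSTED, 1000)) + pack_entry(TOKEN, approve_call(FAKE, 2**256 - 1))
```

`review_batch(SAMPLE, [TRUSTED])` returns one finding for the second entry, with the look-alike spender paired with the trusted address it imitates; a truncated view showing only `0xb1f2…9a3c` would not distinguish the two.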

Verdict

This incident underscores the critical necessity for advanced user education and robust protocol-level safeguards against increasingly sophisticated social engineering and contract impersonation tactics.

Signal Acquired from ∞ cryptoslate.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

malicious contract

Definition ∞ A malicious contract is a piece of code, often a smart contract on a blockchain, designed with the intent to deceive, defraud, or harm users.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

transaction

Definition ∞ A transaction is a record of the movement of digital assets or the execution of a smart contract on a blockchain.

wallet

Definition ∞ A digital wallet is a software or hardware application that stores public and private keys, enabling users to send, receive, and manage their digital assets on a blockchain.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

financial impact

Definition ∞ Financial impact describes the consequences of an event, decision, or technology on monetary values, asset prices, or economic activity.

ethereum

Definition ∞ Ethereum is a decentralized, open-source blockchain system that facilitates the creation and execution of smart contracts and decentralized applications (dApps).

contract

Definition ∞ A 'Contract' is a set of rules and code that automatically executes when predefined conditions are met.

tornado cash

Definition ∞ Tornado Cash is a decentralized cryptocurrency mixing service designed to enhance user privacy by obscuring the transaction history of digital assets.

interface

Definition ∞ An interface is a point where two systems, subjects, organizations, etc.

users

Definition ∞ Users are individuals or entities that interact with digital assets, blockchain networks, or decentralized applications.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.