Security

Multi-Signature Wallet Drained by Sophisticated Phishing Attack

A deceptive phishing attack leveraged fake Etherscan verification and Safe Multi Send to bypass multi-signature wallet security, resulting in significant asset loss.
September 16, 20253 min

A close-up view reveals a polished, metallic object, possibly a hardware wallet, partially encased within a vibrant blue, translucent framework. The entire structure is visibly covered in a layer of white frost, creating a striking contrast and suggesting extreme cold
A close-up renders a sophisticated white and dark grey toroidal device, featuring a central spherical core from which several vibrant blue, segmented light streams emanate outwards. The surrounding structure is composed of sleek, modular segments, hinting at advanced engineering and functional design

Briefing

A sophisticated phishing campaign successfully compromised a 2-of-4 Safe multi-signature wallet, leading to the unauthorized transfer of $3.047 million in USDC. The attacker leveraged a meticulously crafted, fake Etherscan-verified contract to obscure malicious approval requests within seemingly legitimate Safe Multi Send transactions. This incident underscores a critical evolution in social engineering tactics, targeting the inherent trust in verified contract interfaces and multi-signature operational flows. The immediate consequence involved the swift exfiltration of funds, which were subsequently converted to Ethereum and routed through a privacy protocol, complicating recovery efforts.

The foreground presents a detailed view of a sophisticated, dark blue hardware module, secured with four visible metallic bolts. A prominent circular cutout showcases an intricate white wireframe polyhedron, symbolizing a cryptographic primitive essential for secure transaction processing

Context

Prior to this incident, the digital asset landscape observed a persistent threat from phishing, often targeting individual users through direct wallet connection requests or malicious links. This attack represents an escalation, moving beyond basic impersonation to exploit the perceived legitimacy of Etherscan verification and the complexity of multi-signature transaction bundling. The prevailing attack surface included user vigilance against transaction details and the implicit trust placed in established on-chain verification mechanisms.

A highly detailed render showcases intricate glossy blue and lighter azure bands dynamically interwoven around dark, metallic, rectangular modules. The reflective surfaces and precise engineering convey a sense of advanced technological design and robust construction

Analysis

The attack vector involved a multi-stage social engineering exploit targeting the victim’s multi-signature wallet and interaction with the Request Finance app. The attacker deployed a counterfeit, Etherscan-verified contract nearly two weeks in advance, pre-programming it with multiple “batch payment” functions to appear legitimate. On the day of the exploit, a malicious approval was executed through the Request Finance app interface.

This approval was artfully disguised within the Safe Multi Send mechanism, allowing the attacker to bypass standard scrutiny by mimicking the first and last characters of a legitimate recipient address. This chain of events enabled the attacker to gain unauthorized access to and drain the victim’s USDC holdings.

The image showcases a central, luminous white mechanism surrounded by a dense cluster of transparent, blue cubes etched with detailed circuitry. This composition visually interprets the fundamental building blocks of distributed ledger technology and advanced cryptographic systems

Parameters

  • Targeted Protocol/Wallet → 2-of-4 Safe multi-signature wallet
  • Vulnerability Type → Sophisticated phishing via fake Etherscan-verified contract and Safe Multi Send exploit
  • Financial Impact → $3.047 Million USDC
  • Blockchain(s) AffectedEthereum
  • Attack Date → September 11, 2025
  • Funds Destination → Ethereum, then Tornado Cash
  • Leveraged Interface → Request Finance app

A highly detailed, three-dimensional object shaped like an 'X' or plus sign, constructed from an array of reflective blue and dark metallic rectangular segments, floats against a soft, light grey background. White, textured snow or frost partially covers the object's surfaces, creating a striking contrast with its intricate, crystalline structure

Outlook

Immediate mitigation for users involves heightened scrutiny of all transaction approval requests, particularly those involving batch operations or interactions with third-party interfaces. Protocols must enhance their front-end security to detect and flag interactions with known malicious or mimicked contract addresses. This incident will likely establish new best practices for contract verification processes and necessitate more robust client-side transaction simulation tools to expose hidden malicious payloads. The contagion risk extends to any protocol or user relying on similar multi-send mechanisms without rigorous transaction content validation.

A futuristic spherical mechanism, partially open, reveals an intricate internal process with distinct white and blue elements. The left side displays a dense aggregation of white, granular material, transitioning dynamically into a vibrant formation of sharp, blue crystalline structures on the right, all contained within a metallic, paneled shell

Verdict

This incident serves as a critical warning, emphasizing the escalating sophistication of social engineering attacks that exploit trust in verified on-chain identities and complex transaction structures.

Signal Acquired from → cryptoslate.com

Micro Crypto News Feeds

multi-signature wallet

Definition ∞ A multi-signature wallet is a type of digital wallet that requires multiple private keys to authorize a transaction.

multi-signature

Definition ∞ Multi-signature, often abbreviated as multisig, is a type of digital signature that requires more than one cryptographic key to authorize a transaction.

social engineering

Definition ∞ Social engineering is a non-technical method of influencing people to give up confidential information or perform actions that benefit the attacker.

usdc

Definition ∞ USDC is a prominent stablecoin designed to maintain a fixed value relative to the US dollar.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

vulnerability

Definition ∞ A vulnerability refers to a flaw or weakness in a system, protocol, or smart contract that could be exploited by malicious actors to compromise its integrity, security, or functionality.

ethereum

Definition ∞ Ethereum is a decentralized, open-source blockchain system that facilitates the creation and execution of smart contracts and decentralized applications (dApps).

funds

Definition ∞ Funds, in the context of digital assets, refer to pools of capital pooled together for investment in cryptocurrencies, tokens, or other digital ventures.

transaction approval

Definition ∞ Transaction approval signifies the explicit consent given by a user or authorized party to proceed with a proposed transaction, particularly in digital asset contexts.

transaction

Definition ∞ A transaction is a record of the movement of digital assets or the execution of a smart contract on a blockchain.

Tags:

Tags: