Web3 Hackers Steal $460K Using New ‘Transaction Simulation’ Exploit

Crypto Thieves Deploy New “Transaction Simulation Spoofing” Attack, Stealing $460,000 in Ethereum

A sophisticated crypto theft technique has emerged, exploiting vulnerabilities in Web3 wallet security features. Security firm ScamSniffer recently reported a successful attack that resulted in the theft of 143.45 Ethereum (approximately $460,000) through “transaction simulation spoofing.”

The Attack Mechanism
Transaction simulation is normally a security feature that lets users preview the outcome of a blockchain transaction before approving it. Attackers are manipulating it as follows:

1. Victims are directed to malicious websites mimicking legitimate platforms
2. A fake “Claim” function is presented with favorable simulation results
3. During the delay between simulation and execution, attackers alter the contract state
4. Users, trusting the initial simulation, approve the transaction
5. The modified transaction drains the victim’s wallet

In the documented case, a 30-second delay between simulation and execution resulted in the complete loss of the victim’s assets.

Security Recommendations
ScamSniffer suggests several preventive measures:
– Reducing simulation refresh rates
– Implementing forced refresh before critical operations
– Adding expiration warnings for users
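
To make the forced-refresh and expiration recommendations concrete, here is an added example (not code from ScamSniffer or any wallet project) of a confirm-time check that re-simulates and refuses to sign when the preview is stale or the outcome has changed. The function names, the 12-second limit, and the mock simulator with its sample values are assumptions constructed for illustration.

```javascript
// Added example: function names and MAX_AGE_MS are assumptions, not a real wallet API.
const MAX_AGE_MS = 12_000; // assumed limit, roughly one Ethereum block interval

// Record what the user was shown and when it was computed.
function takePreview(simulate, tx, now) {
  return { tx, result: simulate(tx), takenAt: now };
}

// Compare two simulated balance-change maps (asset -> signed delta string).
function sameOutcome(a, b) {
  const keys = new Set([...Object.keys(a), ...Object.keys(b)]);
  for (const k of keys) if (a[k] !== b[k]) return false;
  return true;
}

// At "Confirm": always re-simulate against current state before signing.
function checkBeforeSigning(preview, simulate, now) {
  const fresh = simulate(preview.tx);
  if (!sameOutcome(preview.result, fresh)) {
    return { allow: false, reason: "outcome-changed", fresh };
  }
  if (now - preview.takenAt > MAX_AGE_MS) {
    // Same outcome, but the preview is old: warn and ask the user again.
    return { allow: false, reason: "preview-expired", fresh };
  }
  return { allow: true, reason: "ok", fresh };
}

// Constructed mock backend: outcome depends on mutable contract state.
function makeMockSimulator() {
  let changed = false;
  return {
    simulate: () => (changed ? { ETH: "-143.45" } : { ETH: "+0.001" }),
    changeState: () => { changed = true; },
  };
}

function demo() {
  const sim = makeMockSimulator();
  const tx = { to: "0xPLACEHOLDER", data: "claim()" }; // constructed values
  const preview = takePreview(sim.simulate, tx, 0);
  const quick = checkBeforeSigning(preview, sim.simulate, 1_000);
  const stale = checkBeforeSigning(preview, sim.simulate, 30_000);
  sim.changeState(); // contract state altered during the 30-second delay
  const drained = checkBeforeSigning(preview, sim.simulate, 30_000);
  return { quick, stale, drained };
}

console.log(demo());
```

In a real wallet the `fresh` result returned on refusal is what should replace the on-screen preview, so the user decides on the current outcome rather than the one shown earlier.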

User Precautions
Cryptocurrency holders should:
– Avoid trusting wallet simulations blindly
– Be skeptical of “free claim” offers
– Only interact with verified decentralized applications (dApps)

This attack represents a significant evolution in phishing techniques, exploiting trusted security features rather than relying on simple deception.