New ‘sophisticated’ phishing exploit drains $3M in USDC from multi-sig wallet

Bitget App

Trade smarter

Bitget

News

CryptoSlate2025/09/12 02:56

By:Oluwapelumi Adejumo

An unidentified crypto investor has lost over $3 million in a highly coordinated phishing attack after unknowingly authorizing a malicious contract.

On Sept. 11, blockchain investigator ZachXBT first flagged the incident, revealing that the victim’s wallet was drained of $3.047 million in USDC.

The attacker quickly swapped the stablecoins for Ethereum and funneled the proceeds into Tornado Cash, a privacy protocol often used to obscure the flow of stolen funds.

How the exploit occurred

SlowMist founder Yu Xian explained that the compromised address was a 2-of-4 Safe multi-signature wallet.

He explained that the breach originated from two consecutive transactions in which the victim approved transfers to an address that mimicked their intended recipient.

The attacker crafted the fraudulent contract so that its first and last characters mirrored the legitimate one, making it difficult to detect.

Xian added that the exploit took advantage of the Safe Multi Send mechanism, disguising the abnormal approval inside what appeared to be a routine authorization.

He wrote:

“This abnormal authorization was hard to detect because it wasn’t a standard approve.”

According to Scam Sniffer, the attacker had prepared the ground well in advance. They deployed a fake but Etherscan-verified contract nearly two weeks earlier, programming it with multiple “batch payment” functions to look legitimate.

On the day of the exploit, the malicious approval was executed through the Request Finance app interface, giving the attacker access to the victim’s funds.

In response, Request Finance acknowledged that a malicious actor had deployed a counterfeit version of its Batch Payment contract. The company noted that only one customer was affected and stressed that the vulnerability has since been patched.

Still, Scam Sniffer highlighted broader concerns about the phishing incident.

The blockchain security firm warned that similar exploits could stem from several vectors, including app vulnerabilities, malware or browser extensions modifying transactions, compromised front-ends, or DNS hijacking.

More importantly, the use of verified contracts and near-identical addresses illustrates how attackers are refining their methods to bypass user scrutiny.

The post New ‘sophisticated’ phishing exploit drains $3M in USDC from multi-sig wallet appeared first on CryptoSlate.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops

Lock your assets and earn 10%+ APR

Lock now!

1. **Challenges in the Creator Economy**: Web2 content platforms suffer from issues such as opaque algorithms, non-transparent distribution, unclear commission rates, and high costs for fan migration, making it difficult for creators to control their own data and earnings. 2. **Integration of AI and Web3**: The development of AI technology, especially AI Avatar technology, combined with Web3's exploration of the creator economy, offers new solutions aimed at breaking the control of centralized platforms and reconstructing content production and value distribution. 3. **Positioning of the TwinX Platform**: TwinX is an AI-driven Web3 short video social platform that aims to reconstruct content, interaction, and value distribution through AI avatars, immersive interactions, and a decentralized value system, enabling creators to own their data and income. 4. **Core Features of TwinX**: These include AI avatar technology, which allows creators to generate a learnable, configurable, and sustainably operable "second persona", as well as a closed-loop commercialization pathway that integrates content creation, interaction, and monetization. 5. **Web3 Characteristics**: TwinX embodies the assetization and co-governance features of Web3. It utilizes blockchain to confirm and record interactive behaviors, turning user activities into traceable assets, and enables participants to engage in platform governance through tokens, thus integrating the creator economy with community governance.

BlockBeats•2025/11/22 11:23

Empowered by AI Avatars, How Does TwinX Create Immersive Interaction and a Value Closed Loop?

Aster CEO explains in detail the vision of Aster privacy L1 chain, reshaping the decentralized trading experience

Aster is set to launch a privacy-focused Layer 1 (L1) public chain, along with detailed plans for token empowerment, global market expansion, and liquidity strategies.

BlockBeats•2025/11/22 11:22