Angel Drainer Group Strikes Again and PlayDapp Battles Hacker

Despite only being in business for just over a year, Angel Drainer has alarmingly drained more than $25 million from nearly 35,000 wallets.

The crypto community has been shaken by a series of very sophisticated attacks targeting wallets, platforms, and decentralized autonomous organizations (DAOs), leading to massive financial losses. The Angel Drainer group exploited Etherscan's verification tool to swindle over $400,000 from crypto wallets, capitalizing on a false sense of security among users.

Similarly, PlayDapp, a South Korean Web3 game development platform, faced a severe breach with the unauthorized minting of a staggering amount of its native PLA tokens, leading to a substantial drop in token value and a scramble to mitigate the damage. Meanwhile, HectorDAO, a DAO on the Fantom network, suffered a $2.7 million loss due to a hack in January, sparking outrage and legal threats from investors.

Angel Drainer Group Steals Over $400K Through Etherscan Exploit

The notorious phishing group Angel Drainer recently executed a sophisticated attack, swindling over $400,000 from 128 crypto wallets. This operation was executed through exploiting Etherscan’s verification tool to camouflage the malicious nature of a smart contract. According to a report by blockchain security firm Blockaid, the attack started early on Feb. 12, when Angel Drainer deployed a malevolent Safe (formerly known as Gnosis Safe) vault contract. The victims of this scam were tricked into signing a “Permit2” transaction on the compromised Safe vault contract, leading to the huge loss of funds.

Blockaid's analysis pointed out the scammers' strategic use of the Safe vault contract to instill a false sense of security among victims. This false security was further reinforced by Etherscan's automatic verification flag, which typically signifies legitimacy but, in this instance, masked the contract's malicious intent. However, Blockaid mentioned that the incident was not a direct assault on Safe’s platform nor did it broadly impact its user base. The security firm has notified Safe about the attack and is actively working to prevent more damages.

Angel Drainer, despite only being active for 12 months, has alarmingly drained over $25 million from nearly 35,000 wallets. Among the biggest exploits include the $484,000 Ledger Connect Kit hack and the Eigenlayer restake farming attack. The latter involved a cunning manipulation where a malicious function, once authorized by users, diverted staking rewards to an attacker-specified address. This method of attack was particularly interesting because it utilized an approval method unfamiliar to most security measures, rendering it undetectable by standard security protocols.

Furthermore, phishing attacks in the crypto space are also becoming increasingly concerning. Scam Sniffer, a Web3 scam tracking entity, reported that approximately 40,000 users across platforms including OpenSea, Optimism, zkSync, Manta Network, and SatoshiVM, fell prey to phishing attacks in January alone, resulting in a collective loss of $55 million. This troubling trend suggests that the total losses for the current year may surpass the previous year's $295 million, according to Scam Sniffer’s 2023 Wallet Drainers Report.

PlayDapp's Battle Against Hackers

Meanwhile, the South Korean Web3 game development platform and non-fungible token (NFT) marketplace, PlayDapp, experienced a security breach that continued into the new week. The issue first came to light on Feb. 9, when blockchain security firm PeckShield detected an apparent private key leak after the unauthorized minting of 200 million of PlayDapp's native PLA tokens, valued at $31 million at the time. Cyvers Alerts, another security firm, noted that the deployer's address had been compromised, allowing the attacker to add a new minter.

In response to the hack, PlayDapp reached out to the hacker on Feb. 10 through a post on X, offering a $1 million reward for the return of the stolen contracts and assets. The company also threatened to contact law enforcement, including the United States Federal Bureau of Investigation, if the hacker did not respond. PlayDapp's customer service also experienced downtime from Feb. 9 to 12 as the company dealt with the breach.

Despite these efforts, an additional 1.59 billion PLA tokens, worth $253.9 million, were minted on Feb. 12, according to the blockchain analytics firm Elliptic. This further minting exacerbated the situation even more, given that the total supply of PLA tokens before the hack was only 577 million. Elliptic highlighted that the hackers might find it challenging to sell these illicitly minted tokens due to their excessive supply compared to the pre-hack total.

The value of PLA tokens plummeted from $0.1823 at the start of Feb. 9 to $0.1482, with a surge in trading volume from $2.83 million to $60.17 million, as recorded by CoinMarketCap.

PlayDapp, known for introducing the play-to-earn game "Along with the Gods" on the Polygon blockchain in 2021, had to shut down the game service in May of 2023 due to sustainability issues. However, NFTs from the game remain available on the PlayDapp website. In the aftermath of the hack, PlayDapp has been working closely with blockchain analytics and security firms, centralized exchanges, and law enforcement to try and mitigate the damage and prevent further losses.

The Hector decentralized autonomous organization (HectorDAO), operating on the Fantom network, has been embroiled in controversy after a hack on Jan. 16 that resulted in a loss of $2.7 million. The incident has intensified demands from investors for control over the protocol's remaining funds, especially after the team strangely ceased communication after the hack. The situation worsened when it was revealed that before the hack, HectorDAO was already facing challenges, including a big drop in its treasury value due to the crypto winter and a subsequent $8 million loss from the Multichain bridge hack.

HectorDAO, which began in 2021, allowed early investors to buy its token, HEC, at a discount. The DAO's treasury, funded through this process, was intended to generate yield for token holders. However, as the project struggled, a decision was made in July of 2023 to liquidate the DAO and return funds to investors. Despite this decision, the process of distributing the treasury's assets, valued at around $16 million at the time of the vote, was delayed until the eve of the hack.

The hack happened as assets were being moved to a new contract for redemption. A malicious account exploited a vulnerability to transfer $2.7 million to itself. After the hack, the redemption platform was shut down, and the remaining assets were moved back to the treasury contract, with no further updates on the redemption process.

Investigations into the hack revealed that the attacker might have had access to the team's deployer account, suggesting an inside job or a private key compromise. This has led to a loss of trust among token holders, with some accusing the development team of negligence or malfeasance. Interestingly, the blockchain security firm CertiK warned the HectorDAO team about a vulnerability but the recommended changes were not implemented.

In response to the hack and the subsequent silence from the HectorDAO team, investors are considering legal action. The team's last communication stated that the redemption process was postponed and promised to maintain transparency, but with no clear steps forward, the community's frustration has grown. An ongoing investigation into the hack has not yet provided a resolution, leaving the future of HectorDAO and its investors uncertain.