Yesterday, Mikko Ohtamaa, co-founder of Trading Protocol, shared a concerning post promoting a crypto drainer tailored for both tokens and NFTs, boasting its capability to bypass all transaction simulations.
The advertisement shares with potential buyers the details about the functionality of wallet drainers, which rely on front-end scripts designed to steal valuable assets, promising to provide a variety of potent and uncommon scripts. The ad assures customers that the code they receive is devoid of obfuscation and is easily customizable. Additionally, the script seller claims that they are programmed "to only receive high-valued assets."
Read also: Drainer Steals $91 Million Memecoin with Zero Liquidity: Major Incidents from Past Week
The offer presented by this individual encompasses various options. For 3 ETH, valued at over $8,700 at the time of writing, malicious actors can obtain an investment DeFi page set up to facilitate "claiming user's ERC20 tokens," which can then be surreptitiously sent to any address. Additionally, scripts for draining Ether without revealing the fund amount and gas fee, along with a script designed to pilfer all NFTs with "setApproveAll" from a wallet, are also available for 3 ETH each.
For 4 ETH, scammers can acquire a script capable of draining both ERC-20 tokens and NFTs with "setApproveAll," while an extra 2 ETH will add the Ether drainer to the set.
Furthermore, the post's author brags about owning scripts for draining "the most valuable assets of the user simply by signing a signature request," applicable for ERC-20, ERC-721, and ERC-1155 tokens, as well as Ether. The ad asserts that the script will bypass MetaMask's new update and conceal the asset amount. This solution is priced at 10 ETH, equivalent to almost $30,000 at the time of publication.
This post ignited a debate within the cryptocurrency community on X, with many users questioning the credibility of the advertised capabilities. To some, the post seemed to be an attempt "to scam scammers," as selling the code purportedly capable of draining any wallet instead of utilizing it personally appeared impractical.
This skepticism was not only voiced by regular crypto users but also shared by the team behind the Web3 security solution Wallet Guard. The team representative stated that Wallet Guard "is always exploring potential bypasses," suggesting that the seller of the new drainer scripts "may be bluffing on some of their claims."
X user NullPenguin, president of the Web3 research university-based ecosystem Blockchain at UCI, also speculated that the advertisement could be a scam attempt. However, NullPenguin expressed more doubt regarding the way, in which the drainer deployer would profit from the scripts, emphasizing that "Actual good drainers typically selectively sell their drainers and take a percentage of the stolen assets from the people they sell it to, sort of as a royalty."
However, not everyone engaged in the conversation shared this skepticism. Representatives from the multi-party computation crypto wallet Pulse Wallet argued that "transaction simulation and firewalls provide a false sense of security."
On the other hand, Ohtamaa approached the advertisement with a serious perspective, suggesting that the "permit" function might only trigger a "sign" message without revealing details about the "send" transactions. Additionally, Ohtamaa speculated that the simulation capabilities of the Turing-complete Ethereum Virtual Machine (EVM) might be constrained to computations executable by a Turing machine, a concept introduced by Alan Turing in 1936.
"You can split stealing of the assets over multiple transactions, as Ethereum is stateful. The simulation considers a single transaction only," the co-founder of Trading Protocol further explained the limitations, adding that "It is difficult to simulate what can happen in the following transactions."
Ohtamaa also cited an example of drainers bypassing transaction simulation, which was previously documented by the anti-scam platform Scam Sniffer in February. In this case, scammers on the Solana network utilized a switch to fabricate simulation results, deceiving users into signing malicious transactions. With the switch enabled, "users saw the fake simulation results while signing malicious transactions," as reported by Scam Sniffer. Once the switch was disabled, the scammers executed the transactions and stole the assets.
Blowfish, an on-chain security team, was among the first to identify this scam spreading on the Solana network. They noted that newer Solana-oriented drainers, such as Aqua and Vanish, are currently employing this technique, which Blowfish refers to as a "bitflip attack."
"A 'bitflip attack' is a transaction that looks like it is sending you SOL (for example) when our system simulates it, but in reality, it drains your wallet when it is actually submitted on-chain," Blowfish explained in the X thread on February 9.
Read also: Turbulent Start of 2024: Gamma Strategies, Radiant Capital Hacks and Solana Drainers
According to blockchain security experts, in such a scenario, the victim initially signs a seemingly harmless transaction. However, the drainer intercepts the signature from the victim's transaction and temporarily holds onto it instead of immediately sending it to the dApp. Through a separate transaction, the drainer manipulates conditional logic, causing the dApp to take assets from the victim rather than sending them as intended. Once the conditional logic has been altered, the drainer submits the original transaction with the victim's signature, resulting in the victim's funds being mysteriously depleted.
Crypto wallet signature and approval scams on Ethereum
Concerns about the ever-evolving strategies employed by proliferating wallet drainers are regularly raised by leading blockchain security firms. A recent report from CertiK emphasized that attackers have developed effective anti-simulation methods, enabling them to bypass transaction simulations widely used as a protective measure. Meanwhile, ScamSniffer highlighted that thefts on Solana primarily originate from phishing signatures, contrasting with Ethereum's susceptibility to approval exploits.
Ironically, in both scenarios, it is the victim who ultimately allows the scammer to drain the wallet. Less than a month ago, Ohtamaa shared an extensive thread on the popularity of approval and crypto wallet signature scams with a particular emphasis on Ethereum, highlighting the fact that these scams involve victims signing their own transactions.
Ohtamaa explained that these types of exploits are categorized as authorized transfers in the cryptocurrency world, as opposed to unauthorized transfers, which are most often caused by malware, such as those resulting from the use of Microsoft Windows or Excel macros.
Ohtamaa emphasized a critical distinction between authorized transfers, where victims knowingly sign transactions that later exploit them, such as in rug pulls or romance scams, and wallet signature and approval scams, where victims unknowingly sign transactions. The Trading Protocol co-founder cited the example of Moobirds NFT founder Kevin Rose, who accidentally signed an NFT transaction costing him nearly $2 million.
However, Ohtamaa noted that the confusion is not solely the fault of the victims. The nature of cryptocurrency transfers, especially those facilitated by Ethereum wallets, can be perplexing to users due to the lack of clarity inherent in traditional banking transfers. Ethereum wallets often do not fully comprehend the purpose of transactions, and the smart contract function calls for transfers are not straightforward, particularly for non-developers.
Ohtamaa stressed that the ERC-20 token transfer standard complicated the transfer process by introducing different methods for plain value transfers and smart contract interactions. For smart contract interactions, methods like "approve()" and "transferFrom()" were introduced, necessitating two physical transactions and resulting in multiple pop-ups in wallets like MetaMask during activities like Uniswap swaps.
Although alternative methods like "transferAndCall()" offer cleaner semantics, the former option was selected due to concerns about re-entrancy attacks. Overall, the Ethereum community prioritized minimizing Solidity development attack surfaces over providing user-friendly transfer descriptions.
Further complications arose from Ethereum NFT standards inherited from ERC-721, which involved a two-step transaction process with "approve()" and "transferFrom()" functions, leading to inefficiencies such as increased gas fees and multiple MetaMask pop-ups. Instead of simplifying the ERC token standard with clearer transfer semantics, developers introduced various stopgap solutions, exacerbating issues by neglecting end-user security and offering complex signature schemes that users find challenging to understand.
Unfortunately, some of these signature schemes, while benefiting Solidity developers, may overlook user experience and security. Ohtamaa highlights that services like Uniswap and OpenSea inadvertently encourage users to provide infinite approvals and sign anything, contributing to a breeding ground for scams.
Ohtamaa believes that this problem is "self-inflicted" and "it would have been much better to have ERC-20 without the need for approve() from the beginning," while mitigating the risk of re-entrancy attacks at a lower level.
