#User lost $460,000 in a transaction simulation scam.#
Overview
Recently, a user lost 143.45 ETH, approximately $460,800, to a transaction simulation scam. Using a phishing website, the attacker exploited the delay between transaction simulation and execution in Web3 wallets: immediately after the user submitted the transaction, the attacker tampered with the on-chain state, and the user lost all their assets. In the attack, the phishing website initiated a "Claim" ETH transfer request and the wallet's simulation showed the user receiving a small amount of ETH, but the attacker modified the contract state on the backend, so the actual transaction depleted the wallet's assets.
Analysis
Recently, a user lost 143.45 ETH, approximately $460,800, to a transaction simulation scam. The incident occurred in a Web3 wallet: the attacker built a phishing website and exploited the delay between transaction simulation and execution, manipulating the on-chain state immediately after the transaction was submitted. Specifically, the phishing website initiated a "Claim" ETH transfer request, and the wallet's simulation showed the user receiving a small amount of ETH. The backend then modified the contract state, so the actual transaction depleted the user's wallet assets. The incident exposes a potential security vulnerability in the transaction simulation feature of Web3 wallets, one that lets attackers steal users' assets without their knowledge. Users should therefore be cautious when transacting with Web3 wallets, learn to identify phishing websites, and keep in mind that a simulated result can differ from what actually executes.
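A toy model of the gap described above, added here as an illustration and not taken from any wallet's code: `ClaimContract`, `simulate` and `guard_before_signing` are hypothetical names, and the amounts are constructed. It shows why a preview goes stale once contract state changes, and a wallet-side check that re-simulates at signing time and refuses on a mismatch.

```python
from dataclasses import dataclass

WEI = 10**18

@dataclass
class ClaimContract:
    """Hypothetical contract whose claim() outcome depends on mutable state."""
    payout_mode: bool = True  # True: caller gains a little; False: caller loses what was sent

    def claim(self, sent_wei: int) -> int:
        """Return the caller's net balance change in wei for the current state."""
        return WEI // 1000 if self.payout_mode else -sent_wei

@dataclass
class Preview:
    net_change_wei: int   # what the user was shown
    taken_at: float       # when the simulation ran (seconds)

def simulate(contract: ClaimContract, sent_wei: int, now: float) -> Preview:
    """Dry-run the call against the state as it is at time `now`."""
    return Preview(contract.claim(sent_wei), now)

def guard_before_signing(contract, sent_wei, preview, now, max_age_s=5.0):
    """Refuse to sign if the preview is old or a fresh dry-run disagrees with it."""
    if now - preview.taken_at > max_age_s:
        return (False, "preview expired: re-simulate and show the result again")
    fresh = contract.claim(sent_wei)
    if fresh != preview.net_change_wei:
        return (False, f"outcome changed since preview: "
                       f"{preview.net_change_wei} -> {fresh} wei")
    return (True, "outcome matches preview")

def demo():
    contract = ClaimContract()
    sent = 143 * WEI                              # constructed amount
    preview = simulate(contract, sent, now=0.0)   # user sees a small gain
    before = guard_before_signing(contract, sent, preview, now=1.0)
    stale = guard_before_signing(contract, sent, preview, now=60.0)
    contract.payout_mode = False                  # state changes after the preview
    after = guard_before_signing(contract, sent, preview, now=2.0)
    return preview, before, stale, after

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Re-simulating at signing time narrows the window but cannot close it, because state can still change between signing and inclusion in a block.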
Classic Views
Attackers exploited the transaction simulation feature, causing users to lose funds.
Attackers created phishing websites and tampered with the on-chain state immediately after the transaction was submitted, thereby defrauding users of their funds.
The attack process is as follows: the phishing website initiates a "Claim" ETH transfer request, the wallet simulates receiving a small amount of ETH, the backend modifies the contract state, and the actual transaction drains the wallet's assets.
The delay between transaction simulation and execution is the vulnerability exploited by attackers.