#User lost $460,000 in a simulated trading scam.#
Hot Topic Overview
Overview
Recently, a user lost 143.45 ETH, approximately $460,800, due to a transaction simulation scam. The attacker exploited the delay between transaction simulation and execution in Web3 wallets by creating a phishing website. After the user submitted the transaction, the attacker immediately tampered with the on-chain state. Specifically, the phishing website initiated a "Claim" ETH transfer request, and the wallet simulated receiving a small amount of ETH. However, the attacker subsequently modified the contract state, resulting in the user's actual transaction depleting their wallet assets. This incident serves as a reminder for users to exercise extreme caution when conducting Web3 transactions, avoiding clicking suspicious links and carefully verifying transaction information.
Ace Hot Topic Analysis
Analysis
Recently, a user lost 143.45 ETH, approximately $460,800, due to a transaction simulation scam. The attacker exploited the delay between transaction simulation and execution in Web3 wallets by creating phishing websites to manipulate the on-chain state immediately after the transaction was submitted. Specifically, the attacker would initiate a "Claim" ETH transfer request, and the wallet would simulate receiving a small amount of ETH. However, the attacker would then modify the contract state, resulting in the actual transaction draining the wallet's assets. This incident serves as a reminder for users to be wary of phishing websites and to be mindful of the delay between transaction simulation and execution when using Web3 wallets, to avoid losses caused by attackers exploiting this vulnerability.