#User lost $460,000 in a simulated trading scam.#
Hot Topic Overview
Overview
Recently, a user lost 143.45 ETH, approximately $460,800, due to a transaction simulation scam. The attacker exploited the delay between transaction simulation and execution in Web3 wallets by creating a phishing website and manipulating the on-chain state immediately after the user submitted the transaction. Specifically, the attacker initiated a "Claim" ETH transfer request through the phishing website. The wallet simulated receiving a small amount of ETH, but the attacker subsequently modified the contract state, resulting in the user's actual transaction depleting their wallet assets. This incident serves as a reminder for users to be vigilant when using Web3 wallets, avoid clicking suspicious links, and exercise caution when using transaction simulation features.
Ace Hot Topic Analysis
Analysis
Recently, a user lost 143.45 ETH, approximately $460,800, due to a transaction simulation scam. The incident occurred on the transaction simulation feature of a Web3 wallet, where the attacker exploited the delay between transaction simulation and execution. By creating a phishing website, the attacker manipulated the on-chain state immediately after the transaction was submitted. Specifically, the phishing website initiated a "Claim" ETH transfer request, and the wallet simulated receiving a small amount of ETH. However, the backend modified the contract state, ultimately resulting in the actual transaction draining the user's wallet assets. This incident serves as a reminder for users to exercise extreme caution when using the transaction simulation feature of Web3 wallets. Do not trust phishing websites and be aware of the delay between transaction simulation and execution to avoid similar losses.