Hot Topic Ranking

Hot Score

Ronin Launches AI Agent

Grayscale is bullish on Bitcoin's prospects.

Bybit launches CGPT contracts

Buy Bitcoin on dips

Coinbase Under Investigation by CFTC

Tether's foray into AI film

Morgan Stanley: March rate cut likely

Giant whales AAVE, UNI make a killing

Binance lists three new coins

U.S. Nonfarm Payrolls Rise More Than Expected

Quantum computers cannot crack Bitcoin.

U.S. Justice Department Accuses Russian National of Money Laundering

FDIC Vice Chair Backs Cryptocurrencies

CFPB Proposes to Regulate Stablecoins

CFTC Enforcement Chief Departs

Related Currencies

#User lost $460,000 in a simulated trading scam.#

Posts

Hot Topic Details

Hot Topic Overview

Ace Hot Topic Analysis

Public Sentiment · Discussion Word Cloud

Classic Views

Hot Topic Details

Hot Topic Overview

Overview

Recently, a user lost 143.45 ETH, approximately $460,800, due to a transaction simulation scam. The attacker exploited the delay between transaction simulation and execution in Web3 wallets by creating a phishing website. After the user submitted the transaction, the attacker immediately tampered with the on-chain state. The attack process was as follows: the phishing website initiated a "Claim" ETH transfer request, the wallet simulated receiving a small amount of ETH, but the attacker modified the contract state in the backend, resulting in the actual transaction depleting the user's wallet assets. This incident reminds users to be cautious about the transaction simulation function when using Web3 wallets and be wary of phishing website attacks.

Ace Hot Topic Analysis

Analysis

Recently, a user lost 143.45 ETH, approximately $460,800, due to a transaction simulation scam. This incident exposed a potential security vulnerability in the transaction simulation feature of Web3 wallets. Attackers exploited the delay between transaction simulation and actual execution by creating phishing websites to manipulate the on-chain state immediately after users submitted transactions. Specifically, attackers would initiate a fake "Claim" ETH transfer request, and the wallet would simulate receiving a small amount of ETH. However, the attackers would then modify the contract state, resulting in the actual transaction draining all assets from the user's wallet. This incident serves as a reminder for users to exercise extreme caution when using Web3 wallets for transactions, avoid clicking on suspicious links, and ensure that the transaction simulation results match the actual execution results.

Related Currencies

Public Sentiment · Discussion Word Cloud

Public Sentiment

100%

Discussion Word Cloud

Classic Views

Transaction simulation functionality has a security vulnerability that allows attackers to manipulate the on-chain state with a delay.

Attackers can use phishing websites to trick users into making transactions and use the delay in transaction simulation to defraud them.

Attackers can display a small amount of ETH in the transaction simulation, but drain the wallet assets in the actual transaction.

Web3 wallet transaction simulation functionality needs to strengthen security measures to prevent attackers from using delays to defraud.