A recent phishing attack resulted in the loss of $3.047 billion in USDC. The exploit targeted Safe multi-signature wallets using a fake Request Finance contract. Investigators say the attackers planned the scheme carefully and carried it out in a way that looked almost legitimate. The victims used two Safe multi-signature wallets. According to Scam Sniffer, the transaction appeared to be processed through the Request Finance app interface. Hidden inside the batch request, however, was an approval for the malicious contract.
The fake contract address was nearly identical to the legitimate one, with only subtle differences in the middle characters. Both addresses started and ended with the same characters, which makes the difference hard to notice at a glance. To add credibility, the attackers verified the malicious contract on Etherscan. This extra step made it seem authentic to anyone reviewing it casually. Once the approval was granted, the attacker quickly drained $3.047 billion in USDC. The stolen funds were exchanged for ETH and then quickly moved to Tornado Cash, making them difficult to trace.
Carefully planned timeline
The attack timeline shows clear preparation. Thirteen days before the theft, the attacker deployed a fake Request Finance contract. They then ran multiple "batch payment" transactions through it to make the contract look active and trustworthy. By the time the victim interacted with it, the contract appeared to have a normal usage history. When the victim used the Request Finance app, the attacker slipped the hidden approval into a batch transaction. Once the transaction was signed, the exploit was complete.
Response from Request Finance
Request Finance has confirmed the incident and issued a statement warning users. The company confirmed that a malicious actor deployed a lookalike of its batch payment contract. According to the statement, only one customer was affected, and the vulnerability has since been fixed. However, the exact method used to inject the malicious approval remains unknown. Analysts believe the possible attack vectors include a vulnerability in the app itself, malware or browser extensions that modify transactions, a compromised frontend, or DNS hijacking. Other forms of code injection cannot be excluded.
Security concerns have been highlighted
This case illustrates a growing trend in crypto fraud. Attackers no longer rely on basic phishing links or obvious tricks. Instead, they deploy verified contracts, mimic real services, and hide malicious actions inside complex transactions. Batch transactions, which are designed to simplify payments, also create opportunities for attackers. Because they group multiple actions together, it becomes difficult for users to see every approval or transfer. This opacity lets attackers slip in malicious operations that go unnoticed until it is too late.
Community Lessons
Experts emphasize the need for extreme caution when using multisend or batch payment features. Every contract approval must be reviewed character by character to avoid confusion with lookalike addresses. As this case shows, even details that are often overlooked can cause significant losses. Security companies also recommend that users minimize their use of browser extensions and check which apps are connected to their wallets.
Keeping software updated, using a hardware wallet for approvals, and cross-checking contract addresses against trusted sources can reduce the risk of such exploits. The incident is also a reminder that platforms need to strengthen user protection. Stronger warnings, automatic flagging of visually similar contracts, and improved transaction visibility can help prevent similar attacks.
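The automatic flagging and transaction visibility suggested above can be sketched as follows. This is an added example, not code from Request Finance, Safe or Scam Sniffer; it assumes the batch has already been split into (target, calldata) pairs, the function names are hypothetical, and every address is a constructed sample value.

```python
# Added example: all addresses below are constructed sample values, not from the incident.
APPROVE = "095ea7b3"  # 4-byte selector of ERC-20 approve(address,uint256)

def _hex(s):
    s = s.lower()
    return s[2:] if s.startswith("0x") else s

def lookalike(addr, trusted, edge=4):
    """A different address that shares the first and last `edge` hex characters."""
    a, t = _hex(addr), _hex(trusted)
    return a != t and a[:edge] == t[:edge] and a[-edge:] == t[-edge:]

def decode_approve(data):
    """Return (spender, amount) for approve() calldata, else None."""
    h = _hex(data)
    if len(h) != 136 or h[:8] != APPROVE:  # selector + two 32-byte arguments
        return None
    return "0x" + h[32:72], int(h[72:], 16)

def review_batch(calls, trusted):
    """calls: (target, calldata) pairs. Report approvals to spenders not in `trusted`."""
    known = {"0x" + _hex(t) for t in trusted}
    findings = []
    for i, (token, data) in enumerate(calls):
        decoded = decode_approve(data)
        if decoded is None or decoded[0] in known:
            continue
        spender, amount = decoded
        twin = next((t for t in trusted if lookalike(spender, t)), None)
        verdict = f"LOOKALIKE of {twin}" if twin else "UNKNOWN spender"
        findings.append({"index": i, "token": token, "spender": spender,
                         "amount": amount, "verdict": verdict})
    return findings

def approve_calldata(spender, amount):
    return "0x" + APPROVE + _hex(spender).rjust(64, "0") + format(amount, "064x")

# Constructed sample batch: one payment, one hidden approval, one legitimate approval.
TRUSTED = "0x3f1a" + "ab" * 16 + "9c7e"
FAKE = "0x3f1a" + "cd" * 16 + "9c7e"   # same first/last 4 characters, different middle
TOKEN = "0x" + "11" * 20
BATCH = [
    (TOKEN, "0xa9059cbb" + ("22" * 20).rjust(64, "0") + format(1000, "064x")),
    (TOKEN, approve_calldata(FAKE, 2**256 - 1)),
    (TOKEN, approve_calldata(TRUSTED, 500)),
]

if __name__ == "__main__":
    for finding in review_batch(BATCH, [TRUSTED]):
        print(finding)
```

Only the second call is reported: the plain transfer and the approval to the trusted spender pass, while the unlimited approval to the near-identical address is flagged as a lookalike.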
Costly reminders
The $3.047 million loss is a reminder of the high stakes of decentralized finance. Safe and Request Finance remain popular tools, but attackers are increasingly exploiting complexity. For users, vigilance is the only real defense. In this case, the attackers relied on subtlety, preparation, and convincing fakes. Unfortunately, that was enough to trick a multi-signature setup into granting access. This case shows that in crypto, every approval and every click matters.