New Web3 attack exploits transaction simulations to steal crypto
Threat actors are employing a new tactic called “transaction simulation spoofing” to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000.
The attack, spotted by ScamSniffer, highlights a flaw in transaction simulation mechanisms used in modern Web3 wallets, meant to safeguard users from fraudulent and malicious transactions.
How the attack works
Transaction simulation is a feature that allows users to preview the expected outcome of a blockchain transaction before signing and executing it.
It is designed to enhance security and transparency by helping users verify what the transaction will do, like the amount of transferred cryptocurrency, gas fees and other transaction costs,…
