New wallet drainer targets growing blockchain ecosystems: Blockaid

Analysts say a newly developed wallet exploit has unleashed a wave of scams targeting emerging blockchain ecosystems like TON and TRON.

Blockchain ecosystems like OpenNet and TRON appear to be under siege after the newly developed AngelX wallet exploit unleashed a wave of scams, signaling a significant increase in cyber threats in the crypto space.

Angel-backed scams | Source: Blockaid

Data provided by blockchain cybersecurity firm Blockaid shows that AngelX, which was first launched on August 31, has spread rapidly, with analysts detecting more than 300 malicious decentralized applications in just four days.

“This increase represents a significant increase in malicious activity, making AngelX one of the most aggressive wallet drainers in recent months.”

Blockage assistance

The new wallet exploit, which represents a more aggressive and advanced version of the original version, is understood to target less mature blockchain networks as hackers perceive these chains as “less equipped to defend against attacks due to a lack of robust security tools and support,” Blockaid said.

Blockaid’s research also revealed that over 90% of AngelX dApps were undetected by other major security providers, underscoring the growing challenge for blockchain security providers as malicious actors increasingly exploit new ecosystems.

Never-ending attacks

In mid-July, analysts at Match Systems reported that they had successfully de-anonymized those behind Angel Drainer, leading to speculation about whether the malware had ceased operations. Angel Drainer, a JavaScript-based malware, is used by cybercriminals to drain cryptocurrency wallets by running phishing scams that trick users into providing token confirmations, allowing attackers to steal their assets.

In mid-July, Match Systems analysts said they were able to de-anonymize members behind Angel Drainer, raising questions about whether the malware had suspended its activities. In February, Blockaid estimated that Angel Drainer had stolen $25 million worth of crypto from around 35,000 wallets, suggesting the malware was likely behind “high-profile dumps” like the Ledger Connect Kit and the Restake Farming attack.

Angel Drainer is a JavaScript-based malware used by cybercriminals to drain crypto wallets. It works by running phishing scams that trick users into giving token approval, allowing the scammers to steal their assets.