A hacker has sent small amounts of Ethereum to around 2,400 purportedly compromised wallets to approve Arbitrums ARB token in anticipation of the token’s airdrop, according to Arkham researchers.
gm
A reported hacker on Arbitrum has been sending money over the past 12 hours to around 2400 presumably compromised wallets.
These wallets then approve the ARB token in anticipation of receiving the airdrop.
address — 0x59d4087f3ff91da6a492b596cbde7140c34afb19
Stay safe!
— Arkham (@ArkhamIntel) March 20, 2023
Experts say the attackers scheme enables ARB owed to wallet owners to be automatically redirected to his address via a smart contract.
The Arbitrum developers planned an airdrop on March 23.
“From what we understand, the attacker has already gained access to these peoples wallets. He distributes ETH to initiate the confirmation transaction, then claim and sweep ARB,” the Arkham experts clarified.
The best course of action for users, the researchers say, is to revoke approvals and ensure they do not reappear before the airdrop begins.
“Of course, the hacker can always manually transfer your ARB if they have your private keys, but they will not be able to use a smart contract to do this automatically,” the experts conceded.
The best course of action would be to immediately revoke the approval — then revoke again if any other approval transactions appear before the airdrop claim opens.
Of course — the hacker can always manually transfer your ARB out if they have your private keys, but they will not https://t.co/SyAIxrhFgj
— Arkham (@ArkhamIntel) March 20, 2023
One of the owners of a hacked wallet said that Arbitrum does not allow exploit victims to delegate another address to receive tokens and safeguard assets.
my previously hacked wallet is part of this, but too bad @arbitrum doesn’t allow us victims to delegate another wallet to claim our airdrop so these claims are all going to hacker’s pocket instead
— mambajun.eth (@mam8ajun) March 20, 2023
The other affected user noted that it is extremely difficult to defend against the actions of a “sweeper bot.” He says he will turn to white-hat hackers to do this work.
Revoking is easy, claiming and transfering tokens is hard when you are going against a sweeper bot.
Flashbots discord server has a whitehat service so Ill just give the wallet to them if they take my case.
— Jerry The $GETH Farmer (@JerryTehFarmer) March 20, 2023
Earlier, Hundreds of fake sites were created in the run-up to the Arbitrum airdrop, connecting wallets to them led to the loss of all funds.