
Hackers steal 143 ETH via transaction‑simulation spoofing
Researchers at Scam Sniffer have flagged a new ruse in which criminals steal crypto by spoofing transaction simulations. In a single incident, attackers siphoned 143.45 ETH (about $460,000) in 30 seconds.
1/8 SECURITY ALERT: A victim lost 143.45 ETH ($460,895) through transaction simulation spoofing 1 day ago.
Here’s how these attacks work… pic.twitter.com/IQTSS8I3dp
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 10, 2025
Some Web3 wallets let users preview the outcome of a transaction before signing, a feature meant to improve transparency by showing expected receipts, fees and other on-chain details.
Fraudsters exploit a weakness in this mechanism. They lure victims to a malicious site that promises a small amount of Ethereum and offers a preview of a claim transaction.
4/8 The attack sequence:
• Phishing site initiates a “Claim” ETH transfer
• Wallet simulates tiny ETH receipt (0.000…0001 ETH)
• Backend modifies contract state
• Actual transaction drains wallet pic.twitter.com/0iNmQOLL5E
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 10, 2025
But the delay between simulation and execution gives attackers time to alter the contract state on-chain. If the user signs the transaction, the wallet is drained.
Experts urge Web3-wallet developers to align simulation refresh intervals with block times, to force-refresh results before critical operations, and to warn users of the risk.
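The force-refresh recommendation can be sketched as a sign-time check. This is an added example, not code from Scam Sniffer or any wallet. The functions simulate and checkBeforeSign, the chain object, the 12-second block interval and the placeholder address are hypothetical stand-ins for a wallet's real simulation backend.

```javascript
// Constructed toy model: no real wallet, node or contract API is used.
const BLOCK_TIME_MS = 12_000; // assumed block interval (Ethereum mainnet slot)

// Stand-in for a node's simulation call: the balance change (in wei) the
// transaction would cause against the chain state as it is right now.
function simulate(chain, tx) {
  return { block: chain.block, at: chain.now, deltaWei: chain.contracts[tx.to](tx) };
}

// Called when the user clicks "Sign". The cached preview `shown` is never
// trusted: the transaction is re-simulated and the two outcomes compared.
function checkBeforeSign(chain, tx, shown) {
  const fresh = simulate(chain, tx);
  const stale = fresh.block !== shown.block || chain.now - shown.at >= BLOCK_TIME_MS;
  if (fresh.deltaWei !== shown.deltaWei) {
    return { allow: false, reason: "outcome-changed", stale, fresh };
  }
  return { allow: true, reason: stale ? "refreshed-same-outcome" : "fresh", stale, fresh };
}

// Constructed scenario following the sequence described above.
function demo() {
  const tx = { to: "0xCLAIM_PLACEHOLDER" };
  let effect = 1n; // contract state at preview time: user gains 1 wei
  const chain = { block: 100, now: 0, contracts: { [tx.to]: () => effect } };

  const shown = simulate(chain, tx); // preview shown to the user
  const immediate = checkBeforeSign(chain, tx, shown);

  // One block later the contract state has changed (143.45 ETH outflow).
  chain.block = 101;
  chain.now = BLOCK_TIME_MS;
  effect = -(14345n * 10n ** 16n);
  const delayed = checkBeforeSign(chain, tx, shown);
  return { shown, immediate, delayed };
}

const result = demo();
console.log(result.immediate.reason, "->", result.immediate.allow); // fresh -> true
console.log(result.delayed.reason, "->", result.delayed.allow);     // outcome-changed -> false
```

The check compares outcomes rather than only timestamps, so a preview that is one block old but still accurate is allowed, while any divergence from what the user was shown blocks signing.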
In late 2024, Scam Sniffer experts exposed a fraud scheme to steal cryptocurrency using fake influencers and malicious Telegram bots.