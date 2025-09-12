Fake Request Finance Contract Drains $3M $USDC from Safe Wallet

By: Blockchainreporter
2025/09/12 20:20
USDCoin
USDC$0.9995-0.01%
Safe Token
SAFE$0.4594+4.45%
Ambire Wallet
WALLET$0.02664-0.07%
usdc main

The Web3 community has experienced a tragic shake with a major crypto security breach. A victim got a sophisticated exploit in which he lost $3.047 million in $USDC. The attack involves a fake Request Finance contract which was linked with a Safe multi-sig wallet.

This breach highlights the fact that even the legitimate-looking batch transactions with hidden malicious approvals can cause the mishap. In this case, the experienced users also suffer and face vulnerability.

Fake Request Finance Contract Makes the System Fool

Scam Sniffer, a platform shedding light on crypto scams, observed that, before the 13 days of the theft, the attacker deployed a malicious contract. The scammer has deliberately designed the Etherscan-verified malicious contract to get a fake copy of the legitimate Request Finance Batch Payment contract.

Both addresses had the same beginning and ending characters, becoming nearly identical. This resulted in difficulty in recognizing the real and fraudulent versions. There was a further execution of multiple “batchPayments” from the attacker to appear as trustworthy.

While using the Request Finance app interface, the victim executed batch transactions. This execution included the hidden approval of a malicious contract unknowingly. Through this approval, the scammer gained access and drained the wallet. After that, he swapped the funds for ETH immediately, funnelling it to Tornado Cash. So now, the recovery of that fund is nearly impossible. 

Industry Response to the Attack and Possible Security Measures

A quick alert was issued by the Request Finance, announcing the deployment of malicious attack having an identical contract. They have cleared that only one person was affected by the attack, ensuring others that they had already addressed the vulnerability.

Besides this, the exact vector involved in the attack is unclear till now. Security experts give a number of possible reasons, including application-level vulnerabilities, compromised frontends, malware or browser extension interference, DNS hijacking, or other injection techniques.

Through this exploit, a growing threat is highlighted, giving awareness of malicious verified contracts and near-identical addresses. To hide malicious approvals, the stealers combine multi-send functionality, even utilizing small and critical oversights for their scam execution.

So, the experts advise users to check and verify every batch approval carefully while cross-checking contract addresses character by character. It is necessary for users to remain vigilant while executing transactions and giving approvals. The app security is essential to prevent devastating losses.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Share Insights

You May Also Like

Four whales recently sold a total of $29.33 million worth of HYPE to take profits

Four whales recently sold a total of $29.33 million worth of HYPE to take profits

PANews reported on September 12 that according to Lookonchain monitoring, as the price of HYPE rose, whales began to take profits. 0x746b (qianbaidu.eth) sold 188,861 HYPE (worth $10.58 million) at an average price of $56.01 in the past 4 hours. 0x7be1 sold 175,000 HYPE (worth $9.75 million) at an average price of $55.72 in the past four days. 0x0e41 sold 113,310 HYPE (worth $6.32 million) at an average price of $55.74 in the past three days. 0xe867 sold 50,000 HYPE (worth $2.77 million) at an average price of $55.53 in the past 20 hours.
Hyperliquid
HYPE$55.65+2.20%
Oasis
ROSE$0.0274+0.92%
Overtake
TAKE$0.16551-13.77%
Share
PANews2025/09/12 21:36
Share
FHFA Director slams Fed Chairman Powell: He is out of touch with hard-working Americans

FHFA Director slams Fed Chairman Powell: He is out of touch with hard-working Americans

PANews reported on June 21 that according to Jinshi, the Director of the U.S. Federal Housing Finance Agency (FHFA) Pulte criticized the Chairman of the Federal Reserve Powell, saying that
Union
U$0.01111+10.54%
Juneo Supernet
JUNE$0.0901-8.15%
Share
PANews2025/06/21 22:02
Share
By the Time Dogecoin Price Hits $1, a Small $150 Investment in This DOGE Rival Will Have Grown into Over $15,000

By the Time Dogecoin Price Hits $1, a Small $150 Investment in This DOGE Rival Will Have Grown into Over $15,000

Dogecoin (DOGE) is always in the conversation when people talk about meme coins. But a new rival is rewriting what meme coins can stand for.
DOGE
DOGE$0.2635+6.14%
ConstitutionDAO
PEOPLE$0.02057+3.94%
CrypTalk
TALK$0.0553-1.25%
Share
The Cryptonomist2025/09/12 19:47
Share

Trending News

More

Four whales recently sold a total of $29.33 million worth of HYPE to take profits

FHFA Director slams Fed Chairman Powell: He is out of touch with hard-working Americans

By the Time Dogecoin Price Hits $1, a Small $150 Investment in This DOGE Rival Will Have Grown into Over $15,000

Ai&Meme Daily, a picture to understand the popular Ai&Memes in the past 24 hours (2025.4.7)

Publicly listed Allied Gaming & Entertainment announces its first investments in Bitcoin and Ethereum