Threat Report: AngelX

September 5, 2024

On August 29, the Blockaid Threat Intel team became aware of a new drainer variant being tested in the wild.

This drainer was detected by our systems during regular proactive scans of newly deployed dApps, allowing us to catch a test dApp that was likely never meant to be viewed by anyone other than the drainer developers.

Our systems detected this test dApp as malicious; beyond that, it contained a sample of a new, previously unknown drainer variant.

After further research, we were able to obtain additional samples, which allowed us to identify this as a new, yet-to-be-released variant of Angel Drainer.

AngelX

This suspicion was confirmed on September 1st, when Angel Drainer announced on their Telegram channel that they were releasing a new version of their toolkit, dubbed AngelX.

According to Angel, this new version includes major improvements intended to make deploying new malicious dApps much easier. Among these new features:

  • Support for draining users on new, previously unsupported chains, including TON and TRON.
  • A new command and control (CNC) dashboard for scammers, giving them a high level of control over how they conduct their scams.
  • Support for a seed-phrase-theft flow.
  • A new cloaking mechanism, meant to prevent detection by security vendors.

On top of the samples, our team was able to gain access to the control panel of an AngelX instance, allowing us to examine the different ways Angel is working to make draining easier for its customers.

Mitigation

Because the Blockaid Threat Hunting team secured samples of this new variant ahead of its release, we were able to counter Angel's bypass attempts and add detection logic before the drainer reached scammers.

As the chart below shows, this pre-release effort proved highly valuable: Angel-powered scams grew explosively starting with the release of the new variant.

Conclusion

This incident is another example of how proactive monitoring and early intervention are crucial in today’s adversarial Web3.

By catching the AngelX drainer variant during its testing phase, our team was able to develop and deploy defenses before it became widely used.

This early action underscores how critical it is to monitor for evolving threats, especially as attackers continuously adapt their methods to target new platforms and users.
