New Web3 Attack Exploits Transaction Simulations to Steal Crypto
New Web3 attack, “transaction simulation spoofing,” steals crypto, exemplified by a $460,000 theft of 143.45 ETH. Attackers exploit transaction simulation flaws in wallets, luring victims to fake sites showing deceptive transaction previews. A delay allows attackers to change transaction outcomes, leading victims to authorize transactions draining their wallets. Users should be cautious of “free claims” on unverified sites, as trust in wallet simulations can be misleading. Solutions include adjusting simulation refresh rates and adding warnings for users.