WiiMee.eth
@wiimee
Wallet drainers just got deadly efficient. Smart accounts made draining faster and easier to miss. Here's the first real example I've seen and how to protect yourself. 🧵

2/ Most phishing attacks rely on one of three things:
🔹 SetApprovalForAll
🔹 Pre-approved assets used in marketplace signature exploits (e.g. OpenSea, Blur)
🔹 Permit2 / IncreaseAllowance signatures
But with Pectra + smart wallets, it gets worse.

3/ This is only the beginning. Most users have no idea what a smart contract wallet really changes. They see benefits, not the risks. Wallet UIs don't highlight bundled approvals (yet). Most wallets don't even support Type 4 transactions properly yet.

4/ The following scenario becomes dangerous if:
- You've upgraded to a smart contract wallet (aka smart account)
- You connected the given wallet to a phishing website that utilizes Pectra drain logic
If both apply? The attack is brutal.

5/ Here's how the drain happens 💧
🔹 You click Mint / Claim on the phishing website (Click 1)
🔹 MetaMask shows bundled TX combining:
🔸 SetApprovalForAll for NFTs
🔸 increaseAllowance for ERC20s
Clicked confirm? (Click 2) You're toast. ☠

6/ In my test, the drainer tried to bundle my Lazy Lions, Deadfellaz and USDC into one transaction while disguised as a "claim". With "Advanced Details" turned off in MetaMask, here is all you will see. And yes, this drainer is live. It hit a VF2 holder just yesterday.

7/ Why this is worse than older drainers: It's less obvious, because it has no individual popups. Just ONE click to bundle transactions. The new UX flow will make users navigate even faster, and more likely to click blindly.
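
An added example, not part of the original thread: a check a wallet or review tool could run on a bundled request before the confirm click, listing every call that grants spending rights and flagging bundles that cover several token contracts at once. The `{ to, data }` call shape, the function names and the sample addresses are assumptions constructed for illustration; the three selectors are the standard ones for these token functions.

```javascript
// Standard 4-byte selectors of the token functions that grant spending rights.
const APPROVAL_SELECTORS = {
  "0xa22cb465": "setApprovalForAll(address,bool)",
  "0x39509351": "increaseAllowance(address,uint256)",
  "0x095ea7b3": "approve(address,uint256)",
};

// Split ABI-encoded calldata into its selector and 32-byte argument words.
function splitCalldata(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  const words = [];
  for (let i = 8; i + 64 <= hex.length; i += 64) words.push(hex.slice(i, i + 64));
  return { selector: "0x" + hex.slice(0, 8), words };
}

// One finding per call in the bundle that hands rights to another address.
function findApprovals(calls) {
  const findings = [];
  calls.forEach((call, index) => {
    const { selector, words } = splitCalldata(call.data || "0x");
    const signature = APPROVAL_SELECTORS[selector];
    if (!signature || words.length < 2) return;
    const value = BigInt("0x" + words[1]);
    if (value === 0n) return; // zero second argument: a revoke or a no-op
    findings.push({
      index,
      token: call.to.toLowerCase(),
      signature,
      grantee: "0x" + words[0].slice(24), // address is the low 20 bytes
      value: selector === "0xa22cb465" ? "all tokens" : value.toString(),
    });
  });
  return findings;
}

// Flag a bundle when one confirmation grants rights on several contracts.
function summarizeBundle(calls) {
  const findings = findApprovals(calls);
  const tokenCount = new Set(findings.map((f) => f.token)).size;
  return { findings, tokenCount, multiAssetGrant: tokenCount > 1 };
}

// Constructed sample: two NFT collections and one ERC20 behind a "claim".
const pad = (h) => h.replace(/^0x/, "").padStart(64, "0");
const SPENDER = "0x" + "11".repeat(20); // placeholder grantee address
const sampleBundle = [
  { to: "0x" + "aa".repeat(20), data: "0xa22cb465" + pad(SPENDER) + pad("1") },
  { to: "0x" + "bb".repeat(20), data: "0xa22cb465" + pad(SPENDER) + pad("1") },
  { to: "0x" + "cc".repeat(20), data: "0x39509351" + pad(SPENDER) + "f".repeat(64) },
  { to: "0x" + "dd".repeat(20), data: "0x12345678" }, // unrelated call
];
```

Running `summarizeBundle(sampleBundle)` reports three grants to the same address across three contracts, which is the pattern the single confirmation screen hides when details are collapsed.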