WiiMee.eth
@wiimee
Wallet drainers just got deadly efficient. Smart accounts made draining faster and easier to miss. Here's the first real example I've seen and how to protect yourself. 🧵

2/ Most phishing attacks rely on one of three things:
🔹 SetApprovalForAll
🔹 Pre-approved assets used in marketplace signature exploits (e.g. OpenSea, Blur)
🔹 Permit2 / IncreaseAllowance signatures
But with Pectra + smart wallets, it gets worse.

3/ This is only the beginning. Most users have no idea what a smart contract wallet really changes. They see benefits, not the risks. Wallet UIs don't highlight bundled approvals (yet). Most wallets don't even support Type 4 transactions properly yet.

4/ The following scenario becomes dangerous if:
- You've upgraded to a smart contract wallet (aka smart account)
- You connected that wallet to a phishing website that utilizes Pectra drain logic
If both apply? The attack is brutal.

5/ Here's how the drain happens 💧
🔹 You click Mint / Claim on the phishing website (Click 1)
🔹 MetaMask shows a bundled TX combining:
🔸 SetApprovalForAll for NFTs
🔸 increaseAllowance for ERC20s
Clicked confirm? (Click 2) You're toast. ☠
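
The bundled approvals in 5/ are exactly what a wallet UI or a monitoring tool should surface before the second click. As an added example that is not the thread author's code, here is a pre-sign checker for a batched smart-account transaction: it decodes each bundled call, recognizes the standard setApprovalForAll / approve / increaseAllowance selectors, and flags a batch that grants several assets to one address. The contract and drainer addresses in the sample batch are constructed placeholders, not real contracts.

```python
# Added example, not from the thread: a pre-sign checker that decodes each call in a
# batched smart-account transaction and flags the bundled approval grants described above.

# Real 4-byte selectors of the standard ERC-721/1155 and ERC-20 functions.
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
APPROVE = "095ea7b3"               # approve(address,uint256)
INCREASE_ALLOWANCE = "39509351"    # increaseAllowance(address,uint256)
UNLIMITED = 2**256 - 1

def _word(data, i):
    """Return the i-th 32-byte ABI word after the 4-byte selector (hex string)."""
    return data[8 + 64 * i:72 + 64 * i]

def analyze_call(target, calldata):
    """Decode one bundled call; return a finding dict or None if benign."""
    data = calldata.lower()
    data = data[2:] if data.startswith("0x") else data
    if len(data) < 136:  # selector + two ABI words; anything shorter is not an approval
        return None
    selector, grantee = data[:8], "0x" + _word(data, 0)[24:]
    value = int(_word(data, 1), 16)
    if selector == SET_APPROVAL_FOR_ALL and value == 1:
        return {"kind": "setApprovalForAll", "asset": target, "grantee": grantee, "unlimited": True}
    if selector in (APPROVE, INCREASE_ALLOWANCE) and value > 0:  # approve(x, 0) is a revoke
        return {"kind": "allowance", "asset": target, "grantee": grantee, "unlimited": value == UNLIMITED}
    return None

def analyze_batch(calls):
    """Score a list of (target, calldata) pairs. Several approvals granted to one
    address inside a single 'claim' or 'mint' is the drain pattern from the thread."""
    findings = [f for f in (analyze_call(t, d) for t, d in calls) if f]
    if len(findings) >= 2 and len({f["grantee"] for f in findings}) == 1:
        return findings, "DRAIN_PATTERN"
    return findings, ("REVIEW" if findings else "OK")

def _encode(selector, addr, value):
    """Build constructed calldata: selector + ABI-padded address + uint256/bool word."""
    return "0x" + selector + addr[2:].lower().rjust(64, "0") + format(value, "064x")

# Constructed sample batch with placeholder addresses (not real contracts): two NFT
# collections plus one ERC-20, all granted to the same drainer address.
DRAINER, NFT_A, NFT_B, TOKEN = ("0x" + c * 20 for c in ("be", "11", "22", "33"))
SAMPLE_BATCH = [(NFT_A, _encode(SET_APPROVAL_FOR_ALL, DRAINER, 1)),
                (NFT_B, _encode(SET_APPROVAL_FOR_ALL, DRAINER, 1)),
                (TOKEN, _encode(INCREASE_ALLOWANCE, DRAINER, UNLIMITED))]
```

Running `analyze_batch(SAMPLE_BATCH)` returns three findings and the verdict `DRAIN_PATTERN`; a lone `approve(spender, 0)` revoke or `setApprovalForAll(op, false)` produces no finding.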

6/ In my test, the drainer tried to bundle my Lazy Lions, Deadfellaz and USDC into one transaction while disguised as a "claim". With "Advanced Details" turned off in MetaMask, here is all you will see. And yes, this drainer is live. It hit a VF2 holder just yesterday.

7/ Why this is worse than older drainers: It's less obvious, because it has no individual popups. Just ONE click to bundle transactions. The new UX flow will make users navigate even faster, and more likely to click blindly.

8/ Batching makes the UX smoother, but also riskier. Smart wallets can bundle approvals, batch calls, and simplify the UX. But that same flexibility gives drainers more surface to exploit. Security UX needs to evolve fast or we're screwed.

9/ To all security peeps: This makes our job even harder. I'd say significantly. We've always preached wallet hygiene. Before, the damage was limited to approvals signed one by one (unless pre-approved assets were involved). Now everything can be approved at once.

10/ Quick ways to stay safe:
🛡 Use burner wallets for every mint / claim / airdrop
👀 Watch out for batch txs, especially if using MetaMask w/ smart accounts
🚫 Never connect your vault wallet to unknown sites
🔍 Monitor and revoke approvals via revoke.cash

11/ 🧯 Bonus tip: You can always revert to a normal wallet in MetaMask.
Go to ⋮ > Account Details > "Switch back to regular account"
This disables the smart contract delegation and reduces attack surface.