Blockchain investigtor, Scam sniffer said a victim lost $3.047M USDC yesterday after a sophisticated attack that used a fake Request Finance contract on a Safe wallet.
The victim’s 2/4 Safe multi-signature wallet executed a batch transaction through the Request Finance app interface that included an approval of a malicious contract.
That fake contract mirrored a legitimate address by matching the same first and last characters, and it was later found to be verified on Etherscan.
The attack happened on-chain, through what looked like a normal app flow, and it allowed the attackers to pull funds from the wallet.
Also Read: Alex Protocol Unveils Reimbursement Plan for Victims of $8.3 Million Crypto Hack
Wallet breach
The wallet showed a single batch of transactions, and on the surface, the steps seemed routine. The Request Finance app was the user interface, and hidden inside the batch was an approval to contract 0x3Cf6e5…c03F.Â
The real contract had an address close in form: 0x3cF638…C03f. The two addresses shared identical first and last characters. That small detail made the fake one look legitimate at a glance.
How did the fake contract work?
The attackers relied on mimicry and user trust, and the malicious address was verified on Etherscan. Verification gave it a ribbon of legitimacy for anyone who checked.
The approval step matters, and once a wallet approves a contract, that contract can move the tokens the wallet holds.
In this case, the approval was tucked inside a batch, and the user may have approved the whole batch without noting the odd contract. That single approval let the attackers drain $3.047M in USDC.
Other recent losses
This incident fits into a larger pattern, as on-chain investigator Zach reported a single victim lost 783 BTC, roughly $91M, when attackers impersonated both exchange and hardware wallet customer support. That case used social engineering to trick the victim into handing over keys and access.
Separately, fraudsters in Nigeria duped a donor into sending $250,000 in crypto by posing as high-profile U.S. political figures. The U.S. Department of Justice said the scammers spoofed an email address to impersonate Steve Witkoff, who is tied to a political inaugural committee.Â
Those scams show that attackers use many angles: fake contracts, support impersonation, and spoofed messages.
Rising threat and the need for better security
Scams and hacks keep rising as crypto use grows, and attackers are more patient and more creative. They test small tricks first, then scale once a method works.
Tools and user interfaces can hide risk if people assume every screen is safe. With more projects and services online, the attack surface expands. That makes security work urgent.
Developers, wallet providers, and exchanges must build stronger checks. Users also need clearer warnings and easier ways to verify what they approve.
The Safe wallet exploit shows how a small detail can lead to millions lost. The $3.047M theft, the 783 BTC case, and the $250,000 political impersonation scam all point to one lesson. Security cannot be an afterthought.
Also Read: Crypto Scam Victim of $20M Crypto Romance Scam Sues Citibank for Allegedly Ignoring Warning Signs