Angel Drainer, a notorious crypto phishing toolkit, has resurfaced with a new version called “AngelX,” which is more dangerous and easier to use than its predecessor. According to blockchain security firm Blockaid, this upgraded system has already deployed over 300 malicious decentralized applications (dApps) aimed at stealing digital assets from unsuspecting users.
Targeting Newer Blockchains
AngelX has expanded its reach, with one of its most concerning features being its ability to target users on “newer, less mature blockchains” like The Open Network (TON) and the Tron network. These blockchains are seen as vulnerable due to their lack of advanced security measures, according to Blockaid.
“[AngelX] perceive these chains as less equipped to defend against attacks, due to a lack of robust security tools and support,” Blockaid noted in its report. Since its launch on August 31, the AngelX system has powered more than 150 scams.
Evasion and Customization Features
One of the most alarming upgrades in the AngelX system is its high evasion rate, making it difficult for other security vendors to detect and block its malicious dApps. The platform also features an improved user experience (UX) and control panel, allowing scammers to create highly customizable phishing apps that can be deployed across a broader range of blockchains.
Despite these upgrades, Blockaid’s early detection of AngelX helped the firm safeguard approximately $400,000 in assets within the first five days of its operation.
Angel Drainer’s History of Crypto Theft
The original Angel Drainer toolkit reportedly ceased most of its operations in mid-July after its developers realized their identities might have been compromised. However, security analysts estimate that Angel Drainer-powered phishing scams have already stolen around $25 million in crypto assets.
Drainer toolkits, like AngelX, enable phishing scammers to drain cryptocurrency wallets by tricking users into approving fraudulent transactions. These toolkits are often sold to scammers, who then share a portion of the stolen funds with the toolkit providers.
