Security researchers have issued urgent warnings about critical vulnerabilities affecting wallets on the Tron and The Open Network (TON) blockchains, exposing millions of users to potential asset theft. A new, sophisticated wallet-draining toolkit named AngelX is actively exploiting these weaknesses through phishing campaigns.
The primary threat centers on a vulnerability within Tron wallets related to the UpdateAccountPermission function. According to a report from security firm AMLBot, this feature, designed for enhanced security and multi-signature control, can be exploited by attackers who gain access to a compromised private key. The attacker can then add their own key to a victim's wallet, configure transaction thresholds, and block legitimate outgoing transactions, effectively locking the owner out. Victims may unknowingly continue depositing funds into the compromised wallet.
AMLBot estimates that this specific Tron vulnerability led to attacks on roughly 2,130 wallets in Q4 2024 alone, with approximately 14,545 users at risk. The firm notes users are not notified when a new key is added, often only discovering the compromise when attempting to transfer funds, with limited recourse for recovery.
Simultaneously, cybersecurity firm Blockaid has exposed the AngelX phishing toolkit, an evolution of the notorious Angel Drainer. Since its emergence on August 31, AngelX has been deployed in over 150 phishing scams, leveraging more than 300 malicious decentralized applications (dApps). The toolkit specifically targets newer blockchains like TON and Tron, which Blockaid claims are more vulnerable due to a lack of robust, widely-adopted security tools and smaller, less vigilant communities.
Blockaid's early detection has already helped safeguard around $400,000 in user funds. The rise of AngelX follows the shutdown of several major drainer services, including Angel Drainer (responsible for over $25 million in theft), Pink Drainer ($75 million), and Inferno Drainer ($70 million), potentially due to increased pressure from security firms.
The news underscores the persistent threat of hacks and scams in crypto, which led to over $2.3 billion in losses in 2024, with compromised private keys being a leading cause. Experts advise users to securely store private keys, avoid sharing sensitive information online, and regularly check account permissions as safety measures.
