Two such assaults have been detected as we speak on platforms OpenEden and Curvance. One other try focused customers of Maple Finance final week.
Entrance-end assaults depend on getting access to, for instance, a DeFi undertaking’s web site, and inserting malicious code which prompts customers to unwittingly switch their crypto property to the attacker.
A wave of front-end assaults swept over the sector in 2024.
URGENT: We’ve got detected a frontend assault by AngelFerno, focusing on https://t.co/Bf93OZiezf. Should you’re linked, please chorus from signing transactions and keep away from interactions with the dApp till the problem is resolved. We’re working carefully with affected companions. Extra updates…
— Blockaid (@blockaid_) February 16, 2026
Early on Monday, Blockchain safety agency Blockaid reported a front-end assault on real-world asset tokenization platform OpenEden.
The agency suggested customers to “refrain from signing transactions and avoid interactions with the dApp until the issue is resolved.”
Blockaid attributed the assault to the AngelFerno crypto pockets drainer.
OpenEden warned customers to not work together with both openeden.com or portal.openeden.com “as it can cause you to lose your wallet’s assets.”
The put up offers a hyperlink to the undertaking’s proof of reserves, to reassure customers that underlying property are protected.
Double bother
Simply hours later, Ethereum Safety Alliance member “pcaversaccio” warned of a site compromise affecting lending platform Curvance’s web site.
curvance[.]com area is compromised. Please keep away and don’t work together with the curvance[.]com UI nor hyperlinks for now! pic.twitter.com/OIKygjqJ3L
— sudo rm -rf –no-preserve-root / (@pcaversaccio) February 16, 2026
The tweet contains screenshots, one among which exhibits the area having been up to date earlier as we speak with no DNSSEC signature. One other exhibits a malicious approvals transaction, additionally apparently generated by the AngelFerno drainer.
Curvance reassured customers that “preventative measures were taken before any loss of funds occurred.” Nevertheless, it recommends they “refrain from interacting with the front end until further notice.”
Final week, $2 billion “onchain asset manager” Maple Finance was hit with the identical assault. The workforce up to date customers after regaining management, stating that “good contracts and funds have remained protected and unaffected.“
The Maple net utility is again on-line with its full performance restored. Sensible contracts and funds have remained protected and unaffected. https://t.co/tLsz5sKvC7
— Maple (@maplefinance) February 9, 2026
Rip-off-as-a-service
Crypto pockets drainers, resembling AngelFerno are so-called “scam-as-a-service” scripts which immediate malicious transactions relying on what’s within the linked sufferer’s pockets.
The scripts are distributed to phishing scammers and SIM swappers who discover revolutionary methods to lure victims into partaking with the drainer.
Any proceeds from a profitable drain are routinely cut up between scammer and drainer developer in accordance with its code.
Drainer victims are sometimes lured in by false airdrop guarantees, spoofed entrance ends, or pretend safety scares. Nevertheless, it’s not simply naive newbies who fall into the lure; even hackers themselves have been identified to get stung.
