Crypto Investor Loses $6.9M Worth of ETH to Scam
By Olivier Acuña | TH3FUS3 Chief Editor
May 26, 2024 08:20 PM
Reading time: 1 minute, 45 seconds
TL;DR A cryptocurrency investor recently lost millions to a sophisticated phishing scam. Scam Sniffer, a Web3 anti-scam firm, reported that the investor was tricked into signing a malicious Permit phishing signature. This authorization led to the theft of 1,807 Ether.fi-Liquid tokens valued at $6.9 million.
Major Phishing Scam Unveiled
A cryptocurrency investor recently lost millions to a sophisticated phishing scam. Scam Sniffer, a Web3 anti-scam firm, reported that the investor was tricked into signing a malicious Permit phishing signature. This authorization led to the theft of 1,807 Ether.fi-Liquid1 tokens, valued at $6.9 million.
A Repeat Victim
Blockchain investigator ZachXBT noted that the same investor fell victim to a phishing attack last year, losing $638,000. The scam involved using a permit function, allowing an off-chain authorization signature to execute transactions on another address's behalf. This method enabled the transfer of tokens without on-chain transactions, facilitating the theft.
The Mechanics of the Theft
The theft involved two wallets, 0xE56978, from the scammer and 0xFC4EA, belonging to a drainer. Notably, the stolen funds remain within these addresses.
Meanwhile, MistTrack, a crypto tracking and compliance platform built by SlowMist, found connections to the Pink and Inferno Drainers, notorious draining-as-a-service (DAAS) providers in the theft.
The drainers offer scammers tools for phishing exploits, such as fake social media accounts and websites, in exchange for a cut of the stolen funds. BeInCrypto reported that these services were used to steal $295 million from 324,000 victims in 2023.
Expert Commentary
"Another huge amount of phishing, nearly 7 million USD of ETH pledged assets... from the old phishing gang Inferno Drainer. The reason is that the relevant permit offline authorization signature was phished away.
Are there still many people who haven't heard of the phishing tricks or rumors of '1click f#ck?' I hope the victims can come forward to tell their stories, especially what wallets they used," said Yu Xian, founder of SlowMist.
Ongoing Threats
Last week, Pink Drainer announced its retirement after amassing $85 million in stolen assets. Around the same period, Inferno Drainer resumed operations after a brief hiatus, citing increased demand and competitors' exit.
This incident further shows that phishing attacks remain a prevalent method for stealing digital assets. Scammers often use fake accounts on social media platforms to impersonate legitimate projects. These accounts may display fake verification marks and post deceptive comments to lure users to malicious websites that drain their assets.
