Phishing Attack Claims $32 Million from Crypto Whale
A significant phishing attack has reportedly led to the loss of over $32 million in tokens from a crypto whale. This incident was first highlighted by ScamSniffer, a blockchain security firm, on the social media platform X.
The assets stolen in this attack included 12,083 wrapped ether tokens (spWETH), which are associated with the decentralized finance (DeFi) protocol Spark, valued at approximately $32.4 million.
Inferno Drainer: The Tool Behind the Scam
According to Arkham, a blockchain intelligence company, the attack was executed using a notorious tool known as the Inferno Drainer. This “scam-as-a-service” software is infamous for its efficiency in targeting users through counterfeit versions of popular DeFi applications.
By tricking users into signing transactions, Inferno Drainer effectively grants operators control over their wallets. Statistics revealed that this malicious software has been responsible for draining over $215 million from more than 200,000 victims, according to a Dune Analytics dashboard developed by ScamSniffer.
The individuals behind this operation allegedly take a hefty 20% commission from the stolen assets. While Inferno Drainer was shut down by its developers in November 2023, it reemerged in May 2024 with promises of enhanced features, a new staff, and support for 28 blockchains and various DeFi applications.
Identity of the Victim and Recovery Attempts
The identity of the crypto whale victim remains unverified. However, blockchain investigator ZachXBT has noted substantial transactions linking the compromised wallet to a whale identified as CZSamSun, which is distinct from the researcher known as @samczsun on X.
In an effort to recover the stolen funds, a message sent from the victim’s wallet offered a 20% reward for their return; however, no response has been received from the alleged scammer.
Advice for Crypto Users: Stay Cautious
Blockchain analytics firm LookOnChain has issued warnings for crypto users, urging them to be vigilant by avoiding unfamiliar links and verifying all transactions before signing to help prevent falling victim to similar scams.
Emergence of a Fraudulent Wallet App
In a parallel development, a fraudulent cryptocurrency wallet application, named WalletConnect, has reportedly swindled users out of $70,000. Described as a sophisticated scam targeting mobile users exclusively, this app masqueraded as the legitimate WalletConnect protocol.
Disguised as a solution to the common issues faced by web3 users—such as compatibility challenges—the deceptive app managed to lure over 10,000 users into downloading it, as reported by cybersecurity firm Check Point Research (CPR).
New Malware Threats in the Cybersecurity Landscape
In additional news, cybersecurity scammers are now employing automated email replies to infiltrate systems and deploy stealthy crypto mining malware. This alarming tactic follows the recent identification of the “Cthulhu Stealer” malware, which impacts MacOS systems by masquerading as legitimate software and targeting sensitive personal information, including MetaMask passwords and private keys of cold wallets.
The continual evolution of such scams and malware underscores the importance of maintaining strict cybersecurity measures and exercising caution when interacting with crypto applications and platforms.