Major Cryptocurrency Loss Due to Phishing Attack
A cryptocurrency trader faced a significant setback on October 14, losing over $1.28 million in digital assets. This unfortunate event was the result of a phishing attack that the trader had been unwittingly involved with back in late September. The incident serves as a stark reminder of the persistent threats in the cryptocurrency space.
Attack Methodology: The Inferno Drainer
The phishing scheme is believed to have been executed using a malicious toolkit known as Inferno Drainer. This phishing-as-a-service platform has garnered infamy for its role in facilitating scams that have collectively siphoned off hundreds of millions of dollars. Arkham, a prominent blockchain intelligence firm, identified the attack’s execution method, shedding light on the alarming trend of digital asset theft.
Details of the Attack
The affected wallet, designated as “0xb0b..40c7,” was thoroughly compromised after the trader was deceived into signing a phishing permit transaction. In total, 108 billion PEPE tokens, 73.8 million APU tokens, and 165,000 MSTR tokens were drained from the wallet. The attack unfolded through a series of six transactions, resulting in the illicit transfer of funds to various addresses that the perpetrators controlled.
Link to Previous Scams
Notably, one of the wallets involved in this scam, identified as “Fake_Phishing442846,” had previously been implicated in another phishing incident just weeks earlier. This earlier attack resulted in the theft of over $32 million worth of spWETH tokens, highlighting the ongoing risks associated with these malicious actors.
The Mechanics of Inferno Drainer
The Inferno Drainer toolkit enables scammers to develop deceptive websites and applications, successfully tricking unsuspecting users into relinquishing control of their wallets. Operating on a subscription model, this service charges criminals 30% for the creation of phishing sites and an additional 20% for each successful fraudulent operation. According to data gathered from Dune Analytics, Inferno Drainer has contributed to the theft of more than $237 million from over 200,000 victims.
Resurgence of Phishing Tactics
Despite an announcement by developers to discontinue Inferno Drainer in November 2023, the toolkit resurfaced in May 2024, spurred by a renewed demand for phishing strategies among cybercriminals. This revival of tactics signifies an ongoing battle between security measures and the evolving methods of scammers.
Widespread Impact of Phishing Attacks
Phishing attacks have emerged as a significant threat to cryptocurrency investors. A report from Chainalysis indicates that losses from such incidents have reached approximately $2.7 billion since 2021. The ramifications of these attacks can be dire; for instance, a venture capital fund recently suffered a staggering $35 million loss in fwDETH tokens, which subsequently triggered a 90% drop in the token’s market value.
Recent Statistics on Cryptocurrency Theft
In the third quarter of 2024 alone, more than $127 million in cryptocurrencies were reported stolen, with around $46 million of those losses occurring in September. Web3 security firm Scam Sniffer highlighted that approximately 10,800 individuals fell victim to phishing attacks during that month. The most significant incident was recorded on September 28, when a permit phishing attack led to the theft of 12,083 spWETH, valued at $32.43 million. The attacks primarily targeted popular cryptocurrencies such as Ether, Polygon (MATIC), BNB, and Optimism (OP).
Conclusion: Staying Vigilant Against Phishing
The recent events serve as a sobering reminder of the ongoing risks associated with cryptocurrency investments. Many phishing incidents originate from malicious links shared on social media and through phishing advertisements on platforms such as Google. As the digital landscape continues to evolve, it is crucial for investors to remain vigilant and adopt robust security measures to protect their assets.