Crypto Phishing Victim Loses $24 Million in Wallet Approval Scam  

An unfortunate cryptocurrency investor has lost millions in the latest crypto phishing scam. Furthermore, the victim lost a large stash of staked Ethereum tokens in what is one of the largest phishing attacks in recent history.

On September 7, blockchain security and scam feeds flashed up alerts about a massive phishing attack, but it was too late for one investor. 

Crypto Phishing Attack Drains $24M in Tokens

Just a few hours ago, the attack was reported, and the details still remain patchy. However, it appears that the victim lost $24.23 million worth of stETH and rETH in the attack.

PeckShield reported that the whale lost 9,579 stETH and 4,851 rETH. stETH is the Lido staked Ethereum token, while the Rocket Pool staked Ethereum token is rETH.

According to Scam Sniffer, the victim gave the token approvals to the scammer by signing “increaseAllowance” transactions.

Moreover, the malicious address had previously been flagged and was associated with a number of crypto phishing websites.

Phished wallet addresses. Source: X/@realScamSniffer

Furthermore, PeckShield reported that the attacker had already started transferring the stolen funds.

They swapped the rETH and stETH for around 13,785 ETH, worth roughly $22.5 million, and 1.64 million DAI. 

The report added that FixedFloat has already received a transfer of around 451,000 DAI. FixedFloat is an automated cryptocurrency exchange using the Lightning Network.

Stolen funds path. Source: X/@PeckShieldAlert
Stolen funds path. Source: X/@PeckShieldAlert

Phishing is a form of social engineering scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware.

Recently, some of these malicious links have even been found on Google as advertisements. Additionally, one fake Google crypto ad resulted in a victim almost falling for a scam that would have ended in a nearly $900,000 loss.

In August, BeInCrypto reported that scammers stole 675,000 USDT and seven NFTs in two phishing attacks.

Read more: 15 Most Common Crypto Scams To Look Out For

New Threat Actor Detected

On September 6, cybersecurity firm Group-IB warned of a major phishing threat actor called “W3LL”. The threat actor runs a hidden underground market selling tools to bypass Microsoft 365 multifactor authentication (MFA).

Moreover, the custom phishing kit called the “W3LL Panel” targets corporate Microsoft 365 accounts.

Additionally, estimates suggest that between October 2022 and July 2023, over 56,000 accounts were compromised.

Experts warned that the tools signal a dangerous new era of sophisticated “adversary-in-the-middle” phishing attacks designed to bypass MFA that will be hard to detect.

The post Crypto Phishing Victim Loses $24 Million in Wallet Approval Scam   appeared first on BeInCrypto.

Source link