A recent cyberattack has resulted in an unsuspecting crypto investor losing 15,079 fwdETH, worth approximately $36 million.
In the incident, described by security experts as a permit phishing scam, the bad actor tricked the user into unknowingly signing a malicious signature, which gave the thief full access to the account’s funds.
How It Happened
Scam Sniffer, a Web3 anti-scam platform, broke the news in an Oct. 11 post on X, sharing the addresses of the victim and the attacker.
Five hours before the report appeared, the victim, identified by the address 0xeab23c1e3776fad145e2e3dc56bcf739f6e0a393, signed a permit phishing signature, unknowingly authorizing the hacker to move his 15,079 fwdETH.
The attacker, linked to the address 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec, immediately sold the tokens on the market, apparently causing the price of dETH, a related asset, to drop by more than 90% in 24 hours.
Commenting on the incident, analyst roffett.eth warned that the drop in the price of dETH had affected several decentralized finance (DeFi) protocols, particularly PAC Finance and Orbit Finance, as the sale had allegedly led to vulnerabilities in their systems.
The Ripple Effect in DeFi
Permit phishing is still relatively new in crypto circles. It comes from criminals exploiting a requirement in certain DeFi tokens or contracts for the user to approve so-called “permit” signatures that grant third parties the ability to interact with their wallets, including spending or transferring funds.
Attackers typically create a fake website or interface that looks like a legitimate service or decentralized application (dApp) and then ask users to sign the “permit” transaction. It often masquerades as a legitimate request, tricking users into granting the attackers full access to their assets.
These hackers take advantage of a lack of understanding of transaction permissions, which allows them to drain the assets of even well-versed crypto users.
This isn’t the first time DeFi users have been targeted by phishing schemes. According to Scam Sniffer, something similar happened just 12 days earlier, with the victim of that incident losing 12,083 spWETH, which was then valued at around $32 million.
Due to the increasing instances of these attacks, experts urge users to exercise extreme caution when interacting with unknown links or when signing transaction permissions.
“Always check the signatures you are asked to sign and avoid clicking on unknown links,” Scam Sniffer posted as a reminder to the crypto community of the constant threat of phishing scams.
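One way to apply that advice before a wallet signs anything, as an added example that is not from the article or from Scam Sniffer: it inspects a typed-data signing request and flags the fields that make a permit dangerous. It assumes the request follows the EIP-2612 `Permit` layout (the article does not say which permit format the victim signed); the allowlist, addresses, balance and clock are constructed.

```javascript
// Added example: triage an EIP-712 signing request for EIP-2612 permit risk.
// The allowlist and every address/value below are constructed placeholders.
const MAX_UINT256 = (1n << 256n) - 1n;
const TRUSTED_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);
const PERMIT_FIELDS = ["owner", "spender", "value", "nonce", "deadline"];

function reviewSigningRequest(typedData, nowSec, walletBalance) {
  // Identify a permit by its field layout, not by the label a site displays.
  const declared = (typedData.types?.[typedData.primaryType] ?? []).map((f) => f.name);
  if (!PERMIT_FIELDS.every((name) => declared.includes(name))) return [];

  const { spender, value, deadline } = typedData.message;
  const amount = BigInt(value);
  const findings = ["TOKEN_ALLOWANCE"]; // signing lets `spender` move tokens
  if (!TRUSTED_SPENDERS.has(String(spender).toLowerCase())) findings.push("UNKNOWN_SPENDER");
  if (amount === MAX_UINT256) findings.push("UNLIMITED_VALUE");
  else if (amount >= walletBalance) findings.push("COVERS_FULL_BALANCE");
  // A far-off deadline leaves the signature usable long after the visit.
  if (BigInt(deadline) - BigInt(nowSec) > 3600n) findings.push("LONG_DEADLINE");
  return findings;
}

// Constructed request, shaped like what a dApp passes to eth_signTypedData_v4.
const sampleRequest = {
  primaryType: "Permit",
  types: {
    Permit: [
      { name: "owner", type: "address" },
      { name: "spender", type: "address" },
      { name: "value", type: "uint256" },
      { name: "nonce", type: "uint256" },
      { name: "deadline", type: "uint256" },
    ],
  },
  domain: { name: "Example Token", version: "1", chainId: 1,
            verifyingContract: "0x2222222222222222222222222222222222222222" },
  message: {
    owner: "0x3333333333333333333333333333333333333333",
    spender: "0x4444444444444444444444444444444444444444",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "4102444800", // constructed far-future timestamp
  },
};

const NOW = 1728600000; // constructed fixed clock so the result is repeatable
console.log(reviewSigningRequest(sampleRequest, NOW, 1000n * 10n ** 18n));
```

Any finding beyond `TOKEN_ALLOWANCE` is a reason to reject the request and verify the site and spender through an independent channel.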