A recent incident has highlighted the persistent threats facing cryptocurrency traders, particularly from phishing schemes. A trader has reportedly lost a staggering $1.28 million worth of digital assets due to a malevolent transaction permit that allowed attackers to siphon an array of cryptocurrencies from their wallet. This alarming event underscores the growing sophistication of cybercriminals in the crypto space.
Details of the Incident
On October 14, 2023, a trader fell victim to an approval phishing attack that led to the loss of significant holdings, including:
- 108 billion PEPE tokens
- 73.8 million APU tokens
- 165,000 MSTR tokens
According to blockchain security firm PeckShieldAlert, the affected wallet was identified as 0xb0b8…40c7, and the total drain amounted to approximately $1.28 million. This incident was not an isolated one; the funds were extracted through several rapid transactions, with the hijacked assets quickly circulated across multiple wallets controlled by the perpetrators.
“This type of phishing attack transfers control of a victim’s wallet to the attacker, enabling them to drain the stored assets,” emphasized PeckShieldAlert in their report.
One of the wallets involved, flagged as Fake_Phishing442846, had previously participated in a prior attack that resulted in losses exceeding $32 million from a separate victim who also authorized a phishing transaction.
The Role of Inferno Drainer
Blockchain analytics firm Arkham has revealed that this attack utilized tools associated with Inferno Drainer, a notorious multi-chain cryptocurrency scam service. This platform functions as a phishing-as-a-service model, allowing criminals to craft deceptive websites and applications that trick victims into relinquishing their wallet control. The developers of Inferno Drainer reportedly take a hefty 30% fee for creating these phishing sites and another 20% from each successful scam.
To date, Inferno Drainer has been linked to the theft of $237.8 million from over 200,000 victims, according to data from Dune Analytics. Despite the developers’ announcement to cease operations on November 26, 2023, the service resurfaced in May 2024, indicating an alarming demand for such malicious tools in the crypto underworld.
BREAKING:
🚩Inferno Drainer is BACK IN BUSINESS🚩🙃
“This isn’t good news,” tweeted community member Plum, acknowledging the persistent threat.
The Growing Threat of Phishing Attacks
Phishing attacks, particularly approval phishing attacks, are on the rise within the cryptocurrency sector. A report from Chainalysis revealed that these attacks have pilfered over $2.7 billion since 2021. Just last week, a wallet tied to a venture capital fund lost $35 million in fwDETH tokens after signing a dubious permit.
In its Q3 report, blockchain security firm CertiK identified phishing as the most destructive avenue for attacks during the quarter, resulting in losses of $343.1 million across 65 incidents.
Key Takeaways
- Victim’s Loss: $1.28 million
- Key Tokens Stolen:
- 108 billion PEPE
- 73.8 million APU
- 165,000 MSTR
- Attack Type: Approval phishing attack
- Service Used: Inferno Drainer (subscription-based phishing-as-a-service)
- Historical Impact of Phishing: Over $2.7 billion lost since 2021
This incident serves as a stark reminder for crypto traders to remain vigilant and cautious with wallet permissions and to recognize the burgeoning risks of approval phishing. It’s essential to implement stringent security measures and to be wary of any suspicious requests for transaction permissions.
