Crypto Investor Loses $36M to Allow Phishing Scheme
A recent cyber attack reportedly cost an unsuspecting crypto investor 15,079 fwdETH, which is roughly $36 million.
In what security experts describe as a license phishing scam, the bad actor tricks the user into signing a fraudulent signature, giving the thief full access to the person's funds.
How did it happen?
Scam Sniffer, the Web3 anti-fraud forum, broke the news in a post on October 11 on X, sharing the addresses of the victim and the attacker.
Five hours before the report was released, the victim, identified as 0xeab23c1e3776fad145e2e3dc56bcf739f6e0a393, signed a consent phishing signature, unwittingly giving the hacker permission to move 15,079 fwdETH.
The exploiter, linked to the address 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec, immediately sold the tokens on the market, wiping out more than 90% of the value of the corresponding asset, dETH, within 24 hours.
Commenting on the incident, analyst roffett.eth warned that the drop in the value of dETH led to the sale of several decentralized finance (DeFi) protocols, particularly PAC Finance and Orbit Finance, which caused vulnerabilities in their systems.
The ripple effect on DeFi
Allow phishing, more commonly called permit phishing, is still relatively new in crypto circles. Criminals get users of certain DeFi tokens or contracts to sign so-called authorization signatures, which allow third parties to interact with their wallets, including withdrawing or transferring funds.
Attackers often create a fake website or interface that looks like a legitimate service or decentralized application (dApp) and then ask users to sign a “permission” transaction. This is often disguised as a legitimate request, tricking users into granting full access to their assets.
Attacks like this take advantage of gaps in users' understanding of transaction permissions, which allows hackers to extract assets from even well-informed crypto users.
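As an added illustration (not from the article or from Scam Sniffer), the sketch below shows how a wallet or browser extension could review a typed-data signing request before the user approves it. It assumes the request is an EIP-712 message in the EIP-2612 `Permit` or Permit2 `PermitSingle` shape, which the article does not specify; `reviewSignRequest`, the allowlist and the sample addresses are hypothetical.

```javascript
// Added example: wallet-side review of an EIP-712 signing request.
// Flags off-chain token approvals ("permits") before the user signs.
const MAX_UINT256 = (1n << 256n) - 1n;
const MAX_UINT160 = (1n << 160n) - 1n;
const ONE_DAY = 86400n;

// Extract token / spender / amount / expiry from the message shapes we understand.
function extractApproval(typedData) {
  const { primaryType, message: m, domain } = typedData;
  if (primaryType === "Permit" && m.value !== undefined)   // EIP-2612: the token is the verifying contract
    return { token: domain.verifyingContract, spender: m.spender,
             amount: BigInt(m.value), expiry: BigInt(m.deadline), max: MAX_UINT256 };
  if (primaryType === "PermitSingle" && m.details)         // Permit2: the token is named in the message
    return { token: m.details.token, spender: m.spender,
             amount: BigInt(m.details.amount), expiry: BigInt(m.details.expiration), max: MAX_UINT160 };
  return null; // not an approval shape this check recognises
}

function reviewSignRequest(typedData, { trustedSpenders = [], nowSec }) {
  const a = extractApproval(typedData);
  if (!a) return { isApproval: false, warnings: [] };
  const warnings = ["signing grants a token allowance; the spender can use it without any transaction from you"];
  const trusted = trustedSpenders.map((s) => s.toLowerCase());
  if (!trusted.includes(String(a.spender).toLowerCase()))
    warnings.push(`spender ${a.spender} is not on the allowlist`);
  if (a.amount === a.max) warnings.push("amount is unlimited");
  if (a.expiry - BigInt(nowSec) > ONE_DAY) warnings.push("approval stays valid for more than 24 hours");
  return { isApproval: true, token: a.token, spender: a.spender, amount: a.amount, warnings };
}

// Constructed sample request; all addresses are placeholders, not values from the article.
const sample = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", chainId: 1, verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: {
    owner: "0x2222222222222222222222222222222222222222",
    spender: "0x3333333333333333333333333333333333333333",
    value: MAX_UINT256.toString(), // unlimited allowance
    nonce: "0",
    deadline: "4102444800",        // year 2100
  },
};
const verdict = reviewSignRequest(sample, { trustedSpenders: [], nowSec: 1728600000 });
console.log(verdict.warnings);
```

A wallet would show these warnings in the signing prompt in place of the raw typed-data fields, so the user sees that the "signature" is in fact a spending approval.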
This isn't the first time DeFi users have been targeted by phishing schemes. According to Scam Sniffer, the same thing happened just 12 days ago, when a victim lost 12,083 spWETH, worth $32 million.
With such attacks on the rise, experts urge users to be more careful when clicking unfamiliar links or signing authorizations.
“Always double-check signatures you're asked to sign and avoid clicking unknown links,” Scam Sniffer posted to remind the crypto community of the constant threat of phishing schemes.