An NFT trader, known by the Ethereum handle b3hodlr.eth, has suffered a significant loss due to a phishing attack. The incident, detected by on-chain security platform PeckShieldAlert and crypto investigator ZachXBT, resulted in the loss of approximately 356.7 $wstETH, valued at around $1.26 million.
#PeckShieldAlert ZachXBT has detected that b3hodlr.eth has fallen victim to #phishing by #Fake_Phishing187019, resulting in a loss of ~356.7 $wstETH (worth ~$1.26m) pic.twitter.com/s73Jt90voV
— PeckShieldAlert (@PeckShieldAlert) May 16, 2024
The attack was orchestrated by an entity known as Fake_Phishing187019. The phishing scheme led to the unauthorized transfer of $wstETH tokens from b3hodlr.eth’s wallet. The breach highlights the increasing sophistication and prevalence of phishing attacks within the cryptocurrency sector.
Additional Losses in the NFT Space
In a related incident, an NFT trader recently lost over $145,000 worth of Bored Ape Yacht Club (BAYC) collectibles. The phishing attack, which took place on May 8, led to the transfer of three BAYC NFTs to a malicious actor identified as Pink Drainer. The stolen NFTs include BAYC 7531, BAYC 6736, and BAYC 2100.
#PeckShieldAlert ZachXBT has detected that tatis.eth has fallen victim to a phishing attack, resulting in the loss of 3 #BoredApeYachtClub NFTs, specifically #BAYC #7531, #BAYC #6736, & #BAYC #2100.
— PeckShieldAlert (@PeckShieldAlert) May 9, 2024
The scammer #PinkDrainer has already sold the stolen #BAYCs for a total of ~48.5… pic.twitter.com/vU0EPndvRM
The incident began at 17:47 UTC on May 8, when BAYC 7531 was transferred from tatis.eth to the phishing account. Subsequently, BAYC 6736 and BAYC 2100 were moved to the same address. Pink Drainer managed to sell the three NFTs on leading NFT marketplaces Seaport and Blur, garnering 48.5 ETH, equivalent to $145,000.
This latest attacks follows a series of nefarious activities by the same hacker group. In December 2023, they were reported to have stolen Chainlink (LINK) tokens worth $4.4 million. The hackers employed deceptive tactics, tricking users into authorizing transactions linked to the “IncreaseAllowance” function, leading to losses totaling 275,700 LINK.