crypto.news
A trader lost over $1.28 million worth of cryptocurrencies after signing a malicious permit transaction.
According to blockchain security firm PeckShieldAlert, on Oct. 14, a cryptocurrency investor lost 108 billion PEPE, 73.8 million APU, and 165,000 MSTR tokens after getting tricked into signing a phishing permit signature transaction.
#PeckShieldAlert The address 0xb0b8…40c7 has been drained of ~$1.28M worth of cryptos, including 108B $PEPE, 73.8M $APU, and 165K $MSTR, after signing a #phishing permit signature.
— PeckShieldAlert (@PeckShieldAlert) October 14, 2024
The #phishing address #Fake_Phishing442846 is linked to the scammers who drained $32M worth of… pic.twitter.com/fq3a4DD0tD
This is called an approval phishing attack which transfers control of a victim’s wallet to the attacker, allowing scammers to drain the stored assets.
In this case, the victim’s wallet, identified by “0xb0b..40c7,” lost roughly $1.2 million worth of cryptocurrencies across six transactions within a few minutes, with the stolen assets distributed across multiple addresses controlled by the attackers.
One of the addresses, labeled as “Fake_Phishing442846”, was involved in a separate attack two weeks ago with the affected wallet losing over $32 million worth of spWETH tokens after signing a similar malicious transaction.
At the time, blockchain intelligence firm Arkham reported that the attack was executed using Inferno Drainer, a multi-chain cryptocurrency scam service provider. As such, it is likely that the bad actors behind the recent attack also employed the scam toolkit.
For those unaware, Inferno Drainer is a subscription-based phishing-as-a-service tool that allows criminals to create malicious websites and applications to trick users into signing over control of their wallets. The developers charge scammers 30% for making phishing websites and another 20% for each successful attack.
To date, Inferno Drainer has targeted several crypto-related projects, managing to steal $237,775,036 from over 200,000 victims per Dune analytics data. On Nov. 26, 2023, the developers announced plans to sunset the service indefinitely. However, the toolkit resurfaced in May 2024, driven by renewed demand from its “customers.”
**BREAKING**
— Plum (@Plumferno) May 20, 2024
🚩Inferno Drainer is BACK IN BUSINESS🚩🙃
This isn't good news, in case you are somehow unaware…
(yes, I know they never really shut down all the way, so I know a lot of you aren't going to be surprised about this at all) pic.twitter.com/zbWCkXquTd
Phishing attacks have become a growing threat in the cryptocurrency space, with one of the leading reasons behind victims’ losses being approval phishing attacks. According to an August report by Chainalysis, these attacks have siphoned off over $2.7 billion since 2021.
Last week, a wallet reportedly linked to a venture capital fund lost over $35 million worth of fwDETH tokens after signing a dubious permit signature.
In its Q3 report, blockchain security firm CertiK labeled phishing as the most damaging attack vector for the quarter, with losses amounting to $343.1 million across 65 incidents.