A crypto trader has become the biggest hit by bad actors this month so far losing $1.28 million in crypto assets to a malicious permit transaction.
The loss of the assets is the latest episode in the Phishing pandemic sweeping across the industry.
The unfortunate development was picked up by Blockchain Analytics firm Peckshield alerts on Oct 14. Peckshield confirmed that the cryptocurrency investor lost 108 billion PEPE, 73.8 million APU, and 165,000 MSTR tokens after getting tricked into signing a phishing permit signature transaction.
Peckshield alerts shared there findings on the development on their X page.
“ #PeckShieldAlert The address 0xb0b8…40c7 has been drained of ~$1.28M worth of cryptos, including 108B $PEPE, 73.8M $APU, and 165K $MSTR, after signing a #phishing permit signature. The #phishing address #Fake_Phishing442846 is linked to the scammers who drained $32M worth of Spark Wrapped Ethereum tokens ($spWETH) 2 weeks ago” Peckshield Tweeted
The kind of malicious attack experienced by the trader is called an approval phishing attack which transfers control of a victim’s wallet to the attacker, allowing scammers to drain the stored assets.
In the trader’s case his wallet identified by “0xb0b..40c7,” lost roughly $1.2 million worth of cryptocurrencies across six transactions within a few minutes, with the stolen assets distributed across multiple addresses controlled by the attackers.
One of the bad actor addresses, labeled as “Fake_Phishing442846”, was involved in a separate attack two weeks ago with the affected wallet losing over $32 million worth of spWETH tokens after signing a similar malicious transaction.
Inferno Drainer
Arkham Intelligence another Blockchain intelligence firm reporting on the event confirmed that the attack was carried out using Inferno drainer a multichain cryptocurrency scam service provider.
The Inferno Drainer was created solely to cater to Bad actors in the crypto industry and have been heavily criticized for its role in phishing scams.
Till this date, Inferno Drainer has targeted several crypto-related projects, managing to steal over $230 million from over 200,000 victims per Dune analytics data. On Nov. 26, 2023, the developers announced plans to sunset the service indefinitely. But later in 2024 the service was brought back due to high demand from its customers.
What to Know
- Inferno Drainer is a subscription-based phishing-as-a-service tool that allows criminals to create malicious websites and applications to trick users into signing over control of their wallets. The developers charge scammers 30% for making phishing websites and another 20% for each successful attack.
- According to an August report by Chainalysis, Phishing attacks are directly responsible for the loss of over $2.7 billion since 2021.