Highlights:
- ScamSniffer reports a crypto whale lost over $32 million in spWETH tokens.
- The phishing attack is linked to the notorious Inferno Drainer group.
- Over $66 million was lost in phishing attacks during August 2024.
According to a post on X by blockchain security firm ScamSniffer, a crypto whale lost $32.4 million in tokens after signing a malicious transaction. The breach targeted the victim’s wallet via Spark’s decentralized finance platform, stealing 12,083 wrapped Ether (spWETH) tokens.
Advertisement
🚨 43 mins ago, someone lost 12,083 spWETH ($32.43M) after signing a "permit" phishing signature.💸 pic.twitter.com/y7PQZW2FZq
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) September 28, 2024
The phishing attack is connected to the infamous Inferno Drainer, a scam-as-a-service platform that deceives users by creating fake DeFi applications. According to the Dune Analytics dashboard provided by ScamSniffer, the Inferno Drainer has reportedly stolen over $215 million from more than 200,000 victims.
The operators of Inferno reportedly take a 20% commission on stolen tokens. While its developers initially shut down the service in November 2023, it returned in May, claiming to be “better than ever” with “new staff, new ways to work, new support, and new features.” The scam service now claims to support 28 blockchains and hundreds of DeFi apps.
Whale Identity Remains Unconfirmed
The identity of the individual who lost over $32 million is unconfirmed. However, blockchain investigator ZachXBT has linked the affected wallet to a whale named CZSamSun (not to be confused with X user @samczsun, a researcher at VC firm Paradigm).
The firm noted that the wallet owner has a history of significant transactions with another prominent account. A blockchain message from the victim’s wallet reportedly offered a 20% reward for returning the funds, but the alleged scammer has not yet responded.
not to be confused with @samczsun just some whale with the same alias pic.twitter.com/MbQnNlvtGw
— ZachXBT (@zachxbt) September 28, 2024
Meanwhile, Arkham Intelligence has linked the wallet to Shixing Mao, known as Discus Fish, a co-founder of F2Pool and Cobo. However, their AI-based identification of the wallet owner shows a low confidence level.
Analytics platform LookOnChain also issued a warning on X:
“To avoid being phished, please do not click on any unknown links and do not sign any unknown signatures. Always double-check when signing signatures.”
Increase in Phishing Attacks
In August 2024, crypto phishing attacks surged by 215%. According to Scam Sniffer’s August phishing report, total losses from these malicious attacks surpassed $66 million. The security firm reported a wallet lost $55 million in a single phishing attack targeting the victim’s proxy ownership.
A September 2024 report from Blockaid revealed that the notorious Angel Drainer, a malicious phishing software targeting cryptocurrency users, has been upgraded to AngelX. This newly enhanced phishing software deployed over 300 phishing DApps in just four days. At that time, a Blockaid spokesperson raised concerns that the upgraded AngelX phishing suite was targeting newer blockchain networks like The Open Network (TON) and Tron (TRX).
Recently, a fraudulent crypto wallet app on Google Play reportedly stole $70,000 in a sophisticated scam. The malware directed unsuspecting users to a site that tricked them into authorizing transactions. The app, disguised as the reputable WalletConnect protocol, was uploaded in March 2024. It remained undetected for over five months, accumulating more than 10,000 downloads. However, only 150 users fell victim to the scam. The fake WalletConnect app has now been removed from the Google Play Store.
Advertisement
