Crypto Trader Loses Over $32M in Phishing Attack

According to an on-chain discovery by blockchain security platform ScamSniffer on X, a crypto whale has lost over $32 million in tokens after interacting with a malicious link.

The incident resulted in the loss of 12,083 wrapped ether tokens (spWETH) from the decentralized finance (DeFi) platform Spark, valued at approximately $32.4 million.

🚨 43 mins ago, someone lost 12,083 spWETH ($32.43M) after signing a "permit" phishing signature.💸 pic.twitter.com/y7PQZW2FZq

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) September 28, 2024

The identity of the phished victim is still unknown, but the self-proclaimed blockchain sleuth ZachXBT identified large transactions linking the affected wallet to a whale called CZSamSun.

A message from the victim’s wallet offered a 20% bounty for the return of the stolen funds, but no response from the scammer has been reported yet.

Inferno Drainer Steals Wallets With Fake DeFi

The attack was linked to the Inferno Drainer scam-as-a-service, as blockchain analytics firm Arkham highlighted.

Inferno Drainer is designed to lure users with fake versions of legitimate DeFi platforms, tricking them into signing transactions that grant scammers control over their wallets. According to a Dune Analytics dashboard created by ScamSniffer, the scam service has stolen over $215 million from over 200,000 victims throughout its operation.

Inferno’s operators are said to take a 20% cut from the stolen assets. Although its creators initially discontinued the service in November 2023, it resurfaced in May 2024 with enhanced features, a larger team, and support for 28 blockchains and hundreds of DeFi applications.

Phishing Incidents Surge by 215%

The incident comes amid a surge in crypto phishing attacks. In August 2024, ScamSniffer recorded a 215% increase in phishing incidents, with total losses surpassing $60 million. One notable case involved a single wallet losing $55 million in a phishing attack that targeted proxy ownership.

🚨 [1/7] ScamSniffer's August Phishing Report
In August, around 9,145 victims lost about $63 million to crypto phishing scams 😱🔒.
While the number of victims dropped by 34% from July, the stolen amount surged by 215%. pic.twitter.com/lm3dCtBQVH

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) September 3, 2024

Additionally, in September 2024, security firm Blockaid reported an upgrade to the infamous Angel Drainer phishing tool, which now operates under the name AngelX. The revamped tool launched over 300 phishing decentralized applications (dApps) in four days.

To prevent falling victim to such schemes, analytics firm LookOnChain advised users to avoid clicking on unfamiliar links and to verify all signatures before approving transactions.