Crypto Trader Loses Over $35M in Phishing Attack

According to an on-chain discovery by blockchain security platform ScamSniffer on X, a crypto whale has lost over $35 million in tokens after interacting with a malicious link.

🚨 5 hours ago, someone lost 15,079 fwDETH($35M) after signing a "permit" phishing signature.💸 pic.twitter.com/YG6KlgWMtv

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 11, 2024

The incident resulted in the loss of 15,079 wrapped Ether tokens (fwDETH) from the decentralized finance (DeFi) platform Duo Exchange (DUO), valued at approximately $35 million.

Stolen Assets Plummet

Following the phishing incident, the attacker converted the fwDETH to DETH, a wrapped Ether token associated with the decentralized exchange DUO. To quickly convert the stolen assets into more stable assets, the attacker exchanged DETH back to ETH through Swap.

However, due to insufficient liquidity in the DETH pool, 14,079 DETH only yielded 2,288 ETH. The action drained the pool, causing the DETH/WETH pair to become significantly unpegged. As a result, the value of the stolen assets plummeted by 85%, dropping from $35.98 million to $5.5 million.

The rapid decline in DETH’s price reportedly triggered attacks on protocols such as PAC Finance and Orbit Finance.

$127M Lost to Phishing Attacks in Q3

In the third quarter (Q3) of 2024, investors lost more than $127 million in cryptocurrencies. Approximately $46 million of that total was stolen in September alone. According to CoinTab, about 10,800 individuals fell victim to phishing attacks in September.

Two significant phishing incidents led to losses totaling $87 million in Q3. One incident involved a single wallet that lost $55 million due to a phishing attack targeting proxy ownership. The largest reported loss occurred on September 28, when a phishing attack utilizing a permit phishing signature drained 12,083 spWETH, amounting to $32.43 million.

The latest exploit highlights the continued threat of phishing attacks in the crypto industry. This has prompted various security warnings within the crypto community. For instance, following a detailed explanation of the attack, the blockchain security firm stated:

“Be cautious of phishing attempts in these common scenarios, and familiarize yourself with common phishing signatures that can lead to the theft of your assets.”