tl;dr
A cryptocurrency investor lost 1,807 Ether.fi-Liquid1 tokens, valued at $6.9 million, to a phishing scam involving a malicious Permit phishing signature. The scam utilized off-chain authorization signatures to execute transactions, enabling the theft without on-chain transactions. The stolen funds a...
A cryptocurrency investor lost 1,807 Ether.fi-Liquid1 tokens, valued at $6.9 million, to a phishing scam involving a malicious Permit phishing signature. The scam utilized off-chain authorization signatures to execute transactions, enabling the theft without on-chain transactions. The stolen funds are in two wallets linked to the Pink and Inferno Drainers, known for draining-as-a-service (DAAS) activities. The drainers offer tools for phishing exploits in exchange for a share of the stolen funds. The Pink Drainer retired after amassing $85 million in stolen assets, while the Inferno Drainer resumed operations. Phishing attacks, using fake accounts on social media to lure users to malicious websites, remain a prevalent method for stealing digital assets.
A cryptocurrency investor recently lost millions to a sophisticated phishing scam. Scam Sniffer, a Web3 anti-scam firm, reported that the investor was tricked into signing a malicious Permit phishing signature. This authorization led to the theft of 1,807 Ether.fi-Liquid1 tokens, valued at $6.9 million. Moreover, blockchain investigator ZachXBT noted that the same investor fell victim to a phishing attack last year, losing $638,000.
The scam involved using a permit function, allowing an off-chain authorization signature to execute transactions on another address’s behalf. This method enabled the transfer of tokens without on-chain transactions, facilitating the theft. The theft involved two wallets, 0xE56978, from the scammer and 0xFC4EA, belonging to a drainer. Notably, the stolen funds remain within these addresses. Meanwhile, MistTrack, a crypto tracking and compliance platform built by SlowMist, found connections to the Pink and Inferno Drainers, notorious draining-as-a-service (DAAS) providers in the theft. The drainers offer scammers tools for phishing exploits, such as fake social media accounts and websites, in exchange for a cut of the stolen funds. BeInCrypto reported that these services were used to steal $295 million from 324,000 victims in 2023.
"Another huge amount of phishing, nearly 7 million USD of ETH pledged assets from the old phishing gang Inferno Drainer. The reason is that the relevant permit offline authorization signature was phished away. Are there still many people who haven’t heard of the phishing tricks or rumors of '1click f#ck?' I hope the victims can come forward to tell their own stories, especially what wallets they used,” Yu Xian, founder of SlowMist, commented.
Last week, Pink Drainer announced its retirement after amassing $85 million in stolen assets. Around the same period, Inferno Drainer resumed operations after a brief hiatus, citing increased demand and competitors’ exit. This incident further shows that phishing attacks remain a prevalent method for stealing digital assets. Scammers often use fake accounts on social media platforms to impersonate legitimate projects. These accounts may display fake verification marks and post deceptive comments to lure users to malicious websites that drain their assets.
Sponsored
Sponsored
Best crypto platforms in Europe | May 2024
YouHodler YouHodler Explore →
Wirex App Wirex App Explore →
Coinbase Coinbase Explore →
PrimeXBT PrimeXBT Explore →
SunContract SunContract Explore →
TRUSTED