A User Lost $4.2 million in a Phishing Attack

A User Lost $4.2 million in a Phishing Attack

Phishing Attack Discovery

Discovered by the investigative unit Scam Sniffer on the morning of January 22, a user with the wallet address 0x17…3487 lost aEthWETH and aEthUNI totaling $4.2 million due to a phishing attack.

insane! someone lost $4.20m worth of aEthWETH and aEthUNI to crypto phishing about 40 minutes ago!https://t.co/PqtYbfjrW5 pic.twitter.com/2Nhx4HDQcK

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 22, 2024

The victim approved multiple ERC-20 Permit transactions, enabling the attacker to exploit the CREATE2 opcode contract type, bypassing security warnings, creating new addresses for each signature, and successfully redirecting the victim’s funds.

victim:
0x1749ad951fb612b42dc105944da86c362a783487

scammers:
0x0000372B2BC916D6c904495e53533Ae90740F688
0xf672775e124E66f8cC3FB584ed739120d32bBaad

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) January 22, 2024

In August 2023, a similar case using this method was reported by the security firm Slow Mist, resulting in the theft of $3 million in crypto.

Related: Phishing Attacks Cost Nearly 295 Million USD in 2023

Scam Sniffer Issues Warning

Scam Sniffer warns traders to exercise extreme caution when approving transactions, paying particular attention to warnings from Web3 wallet applications. Additionally, users are advised to equip themselves with knowledge about various phishing methods, including signature phishing.

According to Scam Sniffer’s New Year report, users lost nearly $295 million in 2023 due to impersonation attacks. This type of scam is considered the most prevalent tactic employed by hackers in the crypto space.