More than $2 million worth of Ethereum stolen in an elaborate phishing scam

Cryptocurrency phishing scams have cost nearly 100,000 victims more than $100 million this year.

A recent phishing attack resulted in a cryptocurrency investor losing approximately $2 million in value, totaling 501 ETH. The funds are staked through the liquidity staking protocol Ether.Fi.

On-chain data shows that the theft occurred earlier today and involved two transactions. In one transaction, 426 ETH was lost, followed by another 75 ETH. At the time of the attack, the stolen assets were valued at approximately $16.6 million and $276,000 respectively.

As a result of the theft, the wallet's net asset value plummeted by more than 99.93%, leaving only $1,453.

Scam Sniffer is a Web3 security platform that detects phishing scams by identifying "IncreaseAllowance" transactions used in attacks. This method allows attackers to access funds without the victim's authorization, which is not uncommon in the cybersecurity world.

More than $100 million lost to phishing scams this year

The incident comes amid a surge in phishing scams targeting the industry this year.

According to data from Scam Sniffer, approximately 97,000 cryptocurrency users suffered phishing attacks in the first few months of this year, resulting in losses of up to $104 million. Specifically, losses in January reached $57.7 million, and losses in February were $46.8 million. The data highlights the huge impact phishing attacks have on cryptocurrency users and serves as a reminder to remain vigilant when it comes to cybersecurity.

A breakdown of the attack shows that Ethereum users suffered the greatest losses, with $78 million in assets including ETH and ERC20 tokens stolen.

The main method used by cybercriminals is to trick victims into signing malicious phishing signatures such as "Uniswap Permit2" and "increaseAllowance", which allow malicious actors to gain unauthorized access to victims' funds.

Scam Sniffer explained, “Most thefts of ERC20 tokens occur due to signed tokens such as Permit, IncreaseAllowance, and Uniswap Permit2 and other phishing signatures resulted in asset theft. "

Scam Sniffer revealed that most of the victims were victims of fake comments on social media platforms, especially X (formerly Twitter). Attackers often pose as legitimate cryptocurrency organizations to lure unsuspecting individuals to phishing websites where their digital assets can be stolen.

The above is the detailed content of More than $2 million worth of Ethereum stolen in an elaborate phishing scam. For more information, please follow other related articles on the PHP Chinese website!