After Signing a Malicious Transaction Associated With a Phishing Attack, a Cryptocurrency Trader Has Lost Over $1.28 Million in Various Digital Assets

On Oct. 14, blockchain security firm PeckShieldAlert reported that a trader lost significant amounts of PEPE, APU, and MSTR tokens after being tricked

A cryptocurrency trader has lost over $1.28 million in various digital assets after signing a malicious transaction linked to a phishing attack.

On Oct. 14, blockchain security firm PeckShieldAlert reported that a trader lost significant amounts of PEPE, APU, and MSTR tokens after being tricked into signing a phishing permit signature. Specifically, the victim’s wallet, identified by “0xb0b..40c7,” lost 108 billion PEPE, 73.8 million APU, and 165,000 MSTR tokens.

The permit signature granted attackers control over the victim’s wallet, enabling them to drain the funds in six quick transactions.

#PeckShieldAlert The address 0xb0b8…40c7 has been drained of ~$1.28M worth of cryptos, including 108B $PEPE, 73.8M $APU, and 165K $MSTR, after signing a #phishing permit signature.

The #phishing address #Fake_Phishing442846 is linked to the scammers who drained $32M worth of… pic.twitter.com/fq3a4DD0tD

— PeckShieldAlert (@PeckShieldAlert) October 14, 2024

This method of attack, known as an approval phishing attack, is gaining steam in the crypto space. In this attack, users unknowingly grant permission to malicious actors to transfer their assets.

Once they capture a signature, attackers swiftly transfer assets from the victim’s wallet to their controlled addresses. The attackers then proceed to distribute the stolen cryptos across multiple wallets.

One of the wallets involved (“Fake_Phishing442846”) was previously linked to an attack two weeks ago, where over $32 million in spWETH tokens were drained. These incidents point to a growing trend of phishing attacks on cryptocurrency traders and investors.

According to reports from blockchain intelligence firm Arkham, the previous $32 million theft and the recent attack were linked to Inferno Drainer, a well-known phishing-as-a-service provider in the crypto space. Inferno Drainer offers criminals a platform to launch phishing websites and other tools to trick users into signing over control of their wallets.

The service, which resurfaced in May 2024 after briefly ceasing operations, charges scammers 30% for phishing websites and 20% for successful attacks. Since 2021, Inferno Drainer has been linked to numerous cryptocurrency phishing attacks.

Data from Dune Analytics showed that the service has stolen $237.7 million from over 200,000 victims. Despite being temporarily taken down in late 2023, demand from cybercriminals drove its resurgence, with the app continuing to be a major threat in 2024.

Phishing attacks have become a major source of losses for crypto investors. A recent Chainalysis report estimated that phishing scams have siphoned off $2.7 billion in multiple virtual assets since 2021.

The approval phishing attack continues to wreak havoc, as unsuspecting users are often unaware of the permissions they are granting to attackers. Last week, Cryptomode reported another high-profile incident involving a wallet linked to a venture capital fund losing $35 million in fwDETH tokens using this same technique.

This exploit led to a significant dip in the token’s value, with a 90% decrease observed after the incident. Notably, blockchain security firm CertiK’s Q3 report identified phishing as the most damaging form of attack in 2024. The report estimated losses from phishing attacks at $343.1 million across 65 incidents in Q3 alone.