Over $2 million in Ethereum stolen in sophisticated phishing scheme
Crypto phishing scams have claimed more than $100 million from nearly 100,000 victims this year.
A recent phishing attack has left a crypto investor reeling from a loss of 501 ETH, valued at approximately $2 million, staked through liquid restaking protocol Ether.Fi.
On-chain data reveals that the theft occurred earlier today and involved two transactions. In one transaction, 426 ETH were siphoned, followed by another 75 ETH in a subsequent transaction. At the time of the attack, these stolen assets were valued at roughly $1.6 million and $276,000, respectively.
As a result of the theft, the wallet’s net worth plummeted by over 99.93%, leaving them with only $1,453.
Scam Sniffer, a Web3 security platform, identified the attack as utilizing an “IncreaseAllowance” transaction, a signature commonly associated with phishing schemes that enable attackers to access funds without the victim’s authorization.
Over $100 million lost to phishing scams
This incident occurs amidst a surge in phishing scams targeting the industry this year.
According to data provided by Scam Sniffer, $104 million was defrauded from approximately 97,000 crypto users in the initial months of this year due to phishing attacks. In January, losses amounted to $57.7 million, followed by $46.8 million in February.
A breakdown of the attacks shows that Ethereum users bore the brunt, losing $78 million in assets, including ETH and ERC20 tokens.
The primary method employed by cybercriminals involved duping victims into signing malicious phishing signatures, such as “Uniswap Permit2” and “increaseAllowance,” which enabled the malicious players to gain unauthorized access to their victims’ funds.
“Most of the thefts of all ERC20 tokens were due to assets being stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2,” Scam Sniffer explained.
Scam Sniffer revealed that most victims fell prey to deceptive comments on social media platforms, particularly X (formerly Twitter). The attackers often masquerade as legitimate crypto organizations to lure unsuspecting individuals to phishing sites where their digital assets are stolen.