Cryptocurrency investors recently lost millions of dollars due to a sophisticated phishing scam. Web3 fraud prevention company Scam Sniffer reported that investors were tricked into signing malicious Permit phishing signatures.
This authorization resulted in the theft of 1,807 Ether.fi-Liquid1 tokens worth $6.9 million. Additionally, blockchain researcher ZachXBT noted that the same investor suffered a phishing attack last year and lost $638,000.
Pink and Inferno Drainer linked to attack
The scam involved using permission functions to allow off-chain authorization signatures to execute transactions on behalf of other addresses. This method allows tokens to be transferred without an on-chain transaction, making theft easier.
The theft included two wallets: 0xE56978, a scammer’s wallet, and 0xFC4EA, belonging to a drainer. In particular, stolen funds remain at this address.
Meanwhile, MistTrack, a cryptocurrency tracking and compliance platform built by SlowMist, discovered links to Pink and Inferno Drainers, Draining-as-a-Service (DAAS) providers notorious for theft incidents. Drainers provide fraudsters with tools for phishing attacks, such as fake social media accounts and websites, in exchange for a cut of the stolen funds. BeInCrypto reported that these services were used to steal $295 million from 324,000 victims in 2023.
“Another massive phishing operation, with almost $7 million worth of ETH assets pledged as collateral… The Inferno Drainer, an old phishing gang, attacked. This is because the relevant permit offline approval signature was phished. Are there still many people who haven’t heard of the phishing method or the ‘1click f#ck’ rumor? We hope victims will come forward and tell their stories, especially which wallet they used,” said Yu Xian, founder of SlowMist.
Last week, Pink Drainer announced her retirement after amassing $85 million in stolen assets. During the same period, Inferno Drainer also resumed operations after being temporarily suspended due to increased demand and the departure of competitors.
Read more: Crypto Scam Project: How to Spot Fake Tokens
This incident shows that phishing attacks are still a popular way to steal digital assets. Scammers often use fake accounts on social media platforms to impersonate legitimate projects. These accounts can display fake checkmarks and post fraudulent comments to lure users to malicious websites that drain their assets.
disclaimer
In compliance with Trust Project guidelines, BeInCrypto is committed to unbiased and transparent reporting. These news articles aim to provide accurate and timely information. However, before making any decisions based on this content, readers are encouraged to check the facts and consult with experts. Our Terms of Use, Privacy Policy and Disclaimer have been updated.