Scam steals $35 million in cryptocurrencies in a single day
The number of cryptocurrency scams is increasing exponentially. In the third quarter of 2024 alone, scammers stole US$127 million in cryptocurrencies, including US$46 million in September alone. But one of them occurred just hours ago, when a hacker stole $35 million in a phishing attack.
Previously, Pig-Butchering scams were more common, causing regulators to band together to combat these rising cases. However, now phishing cases are gradually increasing.
New cryptocurrency scam in action
The attack that occurred this Friday (11) involved the theft of US$35 million in fwDETH tokens. According to information from X, the victim clicked on a malicious “permission” signature that granted control of the wallet to the hacker. In a matter of seconds he emptied his wallet, causing a huge loss.
So far, it has been revealed that the hacker's address is 0x0605…516ec, as this was the address that downloaded the stolen funds. More importantly, the victim's wallet address (0xeab2…0a393) likely belongs to Continue Fund, a venture capital firm that invests in other cryptocurrency projects.
However, even with experience in the segment, this time the company became a victim of one of the most common cryptocurrency scams on Web3. Hackers likely used temporary token addresses generated with the CREATE2 function.
This news gained attention after popular analytics platforms like Lookonchain revealed how a phishing subscription link led to the loss of 14,079 fwDETH. However, the hacker did not stop there and has already sold all the stolen fwDETH, causing major liquidity problems and price drops.
As a result, companies that rely on fwDETH also felt a major disruption, affecting DeFi protocols such as PAC Finance, Orbit Finance and others. However, these platforms are yet to make any official announcement.
$32 million attack
The cryptocurrency market is full of scams. Scam Sniffer, a Web3 security company, revealed that these phishing attacks turned 10,800 people into victims.
Even so, the number is quite high on these permission phishing signatures. A prime example is another victim who lost $32.43 million after losing 12,083 spWETH tokens.
In such phishing attacks, scammers trick people into attaching their cryptocurrency wallets to fraudulent websites and services. Once the account is linked, scammers can easily withdraw all of the victim's funds without authentication. These phishing attempts are often difficult to identify, making them prone to attack.