On May 3, a phishing attack targeting a major whale in the cryptocurrency space raised concerns. The attack resulted in the theft of 1155 wrapped bitcoins (WBTC), valued at approximately $70 million.
The Web3 anti-scam platform Scam Sniffer identified the attack, in which the attacker used addresses with matching beginning and end digits to deceive the victim. While this phishing method is not new, the scale of the losses in this event has raised alarms across the crypto community and sent shockwaves among users.
2 hours ago, another victim lost $68 million by copying the wrong address from a contaminated transfer history. pic.twitter.com/DepNCnyXhM
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) May 3, 2024
How Did The Phishing Attack Unfold And Execute?
The phishing attack unfolded as follows:
* The hacker used batch programs deployed in a distributed manner.
* These programs generated a large number of phishing addresses.
* Through monitoring on-chain user activity, they identified a target and matched a phishing address to the first 4 and last 6 digits of the victim’s intended transfer address.
* Once the user initiated a transfer, the hacker swiftly followed up with a transaction from the phishing address, appearing in the user’s transaction history, ultimately leading to the transfer of 1155 WBTC to the phishing addresses.
Then, an analysis conducted using the on-chain tracking tool MistTrack revealed that the hacker exchanged the stolen WBTC for 22955 ETH and transferred them to the following ten addresses:

Source: Slowmist.com
The hacker began moving the ETH from these addresses on May 7, following a consistent pattern: leaving no more than 100 ETH in each address, then splitting the remaining funds evenly and transferring them to the next layer of addresses.
The extended investigation into the phishing incident led to the discovery of the hacker’s fee address, which initiated over 20,000 small transactions that distributed small amounts of ETH to various addresses for phishing purposes.
This wide-net approach suggests the involvement of multiple victims. Through extensive scanning, other phishing-related incidents were identified, indicating a pattern of operation by the same hacker address.
Other Phishing Incidents Where This Hacker Was Involved
The hacker has a history of illegal gains, which reveals a laundering pattern involving the conversion of ETH into Monero or transfer across chains to platforms like Tron and suspected over-the-counter (OTC) addresses. This suggests the possibility of employing similar methods to move funds obtained from the WBTC phishing incident.
Based on threat intelligence networks, several IPs suspected of being used by the hacker were identified. They originated from mobile stations, and the use of VPNs has not been ruled out.
Despite stealing 1155 WBTC, the hacker continues to engage in criminal activities, deactivating current addresses and transferring funds to new phishing addresses.
How To Defend Against Phishing Attacks?
To defend against phishing attacks, users are advised to utilize whitelisting mechanisms, enable small-transaction filtering in wallets, carefully verify addresses before confirming transactions, and conduct test transactions with small amounts.
These proactive measures can help mitigate the risk of falling victim to phishing attacks and safeguard users’ assets in the crypto space.
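The whitelist check and small-transaction filter described above can be sketched as follows. This is an added example, not code from Scam Sniffer, SlowMist or any wallet; the addresses, the dust threshold and the function names are constructed for illustration.

```python
# Constructed sample data: none of these addresses come from the incident.
TRUSTED = "0xd9a1b0c4e7f2a3956d8c1e0f4b7a6d5c3e2f1a9b"    # address the user really pays
LOOKALIKE = "0xd9a17733aa10ffee2299bb44cc5566dd882f1a9b"  # same first 4 / last 6 digits
UNRELATED = "0x5e0f4b7a6d5c3e2f1a9bd9a1b0c4e7f2a3956d8c"
HISTORY = [
    {"counterparty": TRUSTED, "amount_eth": 0.05, "direction": "out"},
    {"counterparty": LOOKALIKE, "amount_eth": 0.0, "direction": "in"},
    {"counterparty": UNRELATED, "amount_eth": 1.2, "direction": "in"},
]

PREFIX_LEN = 4    # leading hex digits compared (after "0x"), as in this incident
SUFFIX_LEN = 6    # trailing hex digits compared
DUST_ETH = 0.001  # assumed threshold for "small transaction" filtering


def normalize(addr: str) -> str:
    """Lower-case the address and strip the 0x prefix."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a


def looks_alike(candidate: str, trusted: str) -> bool:
    """True when both ends match but the full addresses differ."""
    c, t = normalize(candidate), normalize(trusted)
    return (c != t and c[:PREFIX_LEN] == t[:PREFIX_LEN]
            and c[-SUFFIX_LEN:] == t[-SUFFIX_LEN:])


def find_poisoned(history, whitelist):
    """Return history entries whose counterparty imitates a whitelisted address."""
    flagged = []
    for tx in history:
        for trusted in whitelist:
            if looks_alike(tx["counterparty"], trusted):
                flagged.append({**tx, "imitates": trusted,
                                "dust": tx["amount_eth"] <= DUST_ETH})
    return flagged


def safe_to_send(destination: str, whitelist) -> bool:
    """Whitelist check: every character must match, not just the ends."""
    return normalize(destination) in {normalize(w) for w in whitelist}


if __name__ == "__main__":
    for hit in find_poisoned(HISTORY, [TRUSTED]):
        print("hide from history:", hit["counterparty"], "imitates", hit["imitates"])
    print("send to look-alike allowed?", safe_to_send(LOOKALIKE, [TRUSTED]))
```

A wallet applying this would hide or label the flagged entries so they cannot be copied from the transfer history, and refuse any destination that fails the full-length comparison.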
In conclusion, the phishing attack resulted in the loss of WBTC, worth $70 Million. It underscores the importance of vigilance and proactive security measures in the cryptocurrency space.
By understanding the methods that hackers utilize and implementing preventive strategies, users can better protect themselves against such malicious activities, ensuring the safety of their digital assets.