HomeHackedHacker Steals $32 Million from spWETH Holder by Employing Phishing Attack

Hacker Steals $32 Million from spWETH Holder by Employing Phishing Attack

-

An spWETH holder lost over 12,000 tokens to a phishing attack. Such scams have hit new levels in 2024.

A hacker employed a phishing attack to successfully drain $32 million worth of Spark Wrapped Ether (spWETH) tokens. The victim’s wallet address ends with “e57” and had 12,083 spWETH stolen from it. 

Blockchain cybersecurity firm CertiK, from its CertiK Alerts account on X, reported the incident. “Recently, EOA 0xaa1582084c4f588ef9be86f5ea1a919f86a3ee57 was drained of 12,083 spWETH (~$32M).” The hacker then moved 10,000 spWETH, worth about $26 million, to the address 0x471c. A portion of that was further sent to four other wallets. The hacker sent 1,750 ETH to 0x105, 2,613 ETH to 0x278d, 3,730 ETH to 0x408d, and 1,865 ETH to 0xfaf2. 

Source: CertiK Alerts

Arkham Intelligence, the blockchain intelligence platform, has labeled the victim’s fault as belonging to Shixing Mao, the founder of F2Pool. However, that has yet to be confirmed by Arkham.

Phishing Attacks Are on the Rise

Phishing attacks are often employed by cybercriminals, with August witnessing a 215% spike in the amount stolen from July, according to cybersecurity firm Scam Sniffer. About 9,145 victims were affected, as scammers made away with $63 million, and a single crypto user lost $55 million. They authorized an illicit transaction, draining 55 million DAI stablecoin tokens from their wallet. 

Such scams have wreaked havoc on users—CertiK reported that the first half of 2024 witnessed $498 million worth of crypto lost to phishing attacks. September has also seen its fair share of phishing scams. DuckDuckGo ranked a fake EtherScan website in its search, making many users believe it to be the real deal. The website asked them to connect their MetaMask to it. However, the nefarious platform instead worked to drain the funds when users allowed it to ‘connect’ with their wallets.

If that seems worrying, another phishing attack successfully scammed $520,919 in PENDLE-LPT tokens from a single user. They signed a permit phishing signature, losing access to their assets. 

Phishing scams can work in numerous ways but always involve attackers pretending to be representatives of a reputable firm or setting up fake websites that users think are the real deal. In the first scenario, the bad actors entice users to reveal their wallet information, including private keys, by presenting scenarios like users’ accounts being frozen and them wanting to help fix the issue. The latter scenario involves users clicking on malicious links and unknowingly offering permission to them to drain funds from their wallets.

FOLLOW US

Upcoming Events

Most Popular