A wallet ending in "e57" fell prey to a sophisticated phishing attack on Sept. 27 that left the wallet drained of 12,083 Spark Wrapped Ethereum tokens (spWETH), valued at $32 million.
According to security firm CertiK, 10,000 spWETH, valued at approximately $26 million, was initially sent to a wallet beginning with "0x471c." A portion of these funds was subsequently transferred to 4 additional wallets.
1,750 Ether (ETH) was transferred to a wallet beginning with the characters "0x105c", 2,613 ETH was sent to a wallet starting with "0x278d", an additional 3,730 ETH to an address beginning with "0x408d", and, finally, approximately 1,865 ETH was transferred to an address beginning in "0xfaf2."
Source: CertiK Alert.
Data from Arkham Intelligence revealed that the compromised wallet may belong to F2Pool founder Shixing Mao; however, this information has yet to be verified.
Related: Decentraland X account hacked, phishing scam targets MANA airdrop
Phishing attacks on the rise in August 2024
In August 2024, crypto phishing attacks rose sharply by 215%. According to security firm Scam Sniffer's August phishing report, total losses from the malicious attacks for the month exceeded $66 million. The security firm identified one wallet that lost a whopping $55 million in a single phishing attack targeting the victim's proxy ownership.
A September 2024 report from Blockaid revealed that the infamous Angel Drainer — malicious phishing software that targets cryptocurrency users — was upgraded to the newer AngelX. The newly upgraded phishing software deployed more than 300 phishing decentralized applications (DApps) within only four days.
At the time, a Blockaid spokesperson expressed concern that the upgraded AngelX phishing suite targeted "newer" blockchain networks such as The Open Network (TON) and Tron (TRX). One of the most alarming features of AngelX is a newly upgraded control panel — giving malicious actors unparalleled control to create customized and increasingly sophisticated phishing scams.
Search engines unknowingly feature malicious phishing links
A Sept. 11 report from Scam Sniffer revealed that search engine DuckDuckGo displayed fraudulent Etherscan sites. The security firm warned that these malicious links prompt users to connect MetaMask wallets — leading to hackers being able to access funds once the wallets are connected.
Magazine: Bankroll Network DeFi hacked, $50M phisher moves crypto on CoW: Crypto-Sec