Over $2 Million in Ethereum Stolen in Sophisticated Phishing Scam

A recent phishing attack resulted in a cryptocurrency investor losing 501 ETH, worth approximately $2 million, deposited through Ether.Fi, a liquid re-staking protocol.

According to on-chain data, the theft occurred this morning and involved two transactions. 426 ETH was withdrawn in one transaction, and another 75 ETH was withdrawn in a subsequent transaction. The assets stolen during the attacks were valued at approximately $1.6 million and $276,000, respectively.

As a result of the theft, the wallet’s net worth plummeted by more than 99.93%, leaving only $1,453 in the wallet.

Scam Sniffer, a Web3 security platform, Confirmed The attack appeared to leverage the “IncreaseAllowance” transaction, a signature commonly associated with phishing scams that allows attackers to access funds without the victim’s approval.

More than $100 million lost due to phishing scams

This incident occurred amid a surge in phishing scams targeting the industry this year.

According to data provided by Scam Sniffer, phishing attacks scammed $104 million from approximately 97,000 cryptocurrency users earlier this year. There was a loss of $57.7 million in January and a loss of $46.8 million in February.

Analysis of the attack showed that Ethereum users suffered the most, losing $78 million in assets, including ETH and ERC20 tokens.

The main method used by cybercriminals was to trick victims into signing malicious phishing signatures such as “Uniswap Permit2” and “increaseAllowance”. This allowed malicious players to gain unauthorized access to victims’ funds.

“The majority of all ERC20 token thefts occur because assets are stolen as a result of signing phishing signatures such as Permit, ImproveAllowance, and Uniswap Permit2,” Scam Sniffer explained.

Scam Sniffer found that most victims fell victim to deceptive comments on social media platforms, especially X (formerly Twitter). Attackers often masquerade as legitimate cryptocurrency organizations to lure unsuspecting individuals to phishing sites where their digital assets are stolen.

The post Over $2 Million in Ethereum Stolen in Sophisticated Phishing Scam appeared first on CryptoSlate.