Scam Sniffer revealed that an unknown address lost 15,079 fwDETH, worth approximately $35 million, in a permit phishing attack on October 10. The attack happened in two stages. The first stage took 12,817.15 fwDETH, while the second drained 2,261.85 fwDETH.
Scam Sniffer also revealed the addresses of the hacker and the victim. The permit phishing signature attack make unknowing victims sign a malicious permit signature. After signing, the attacker can drain the victim’s wallet.
More information from X users revealed that the attacker sold the stolen assets soon after the attack. The sale led to sharp declines in the DETH prices, losing approximately 90% of its value in the last 24 hours. Some Ethereum watchers speculated that the sudden plunge in DETH prices could lead to significant issues on chains like Orbit Finance and PAC Finance.
Bitget revealed that the fwDETH price dropped nearly 95% yesterday night to around $85 from the day’s highs of $1,922. The coin continued to rise over the next hours, reaching over $700. According to data from CoinGecko, fwDETH has been down about 37.36% in the past 24 hours. The price of the fwDETH/fwWETH pair, according to the Gecko Terminal at the time of writing, is $1,271.22.
Another user loses $32 million in spWETH
🚨 43 mins ago, someone lost 12,083 spWETH ($32.43M) after signing a "permit" phishing signature.💸 pic.twitter.com/y7PQZW2FZq
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) September 28, 2024
Scam Sniffer reported another permit phishing signature attack of an unknown user on September 28, which led to the draining of 12,083 spWETH worth over $32 million. The attacker stole the assets in four transfers from the victim. Arkham Intelligence’s AI-based identification reportedly suspected that the wallet of the victim belonged to F2Pool and Cobo co-founder Shixing Mao.Â
The attackers were reportedly linked to Inferno Drainer, a well-known phishing attack Scam-as-a-service organization. Inferno Drainer creates fake decentralized applications to exploit unknowing users. Scam Sniffer reportedly mentioned that the organization had stolen over $215 million from over 200,000 victims. Inferno Dariner initially paused its activity last year before resuming in May this year.Â
Another victim in May lost about $6.9 million to a permit phishing signature attack. The victim lost around $638,000 in 2023.Â
Crypto phishing scams siphon $46 million in September
Crypto security firm CetriK revealed data on September crypto phishing scams in its quarterly report for Q3 2024, published on October 2. The report highlighted that phishing attacks drained approximately $46 million from over 10,000 phishing victims.Â
The third quarter of this year saw losses amounting to over $753 million due to malicious attacks on user wallets. The Web3 security firm also divulged that the value lost had increased by 9.5%. The report highlighted about 155 incidents related to security concerns, 27 fewer incidents than in Q2.Â
CetriK further revealed that phishing was the most prominent attack during the third quarter, amounting to over $343 million stolen across 65 phishing incidents. Ethereum was the blockchain targeted in Q3, recording over $387 million in losses across 86 incidents. $89 million was lost to attacks in other chains.Â
The security firm confirmed that crypto and blockchain security will remain a major issue in 2024. CetriK explained that with the evolving technologies, malicious actors are finding new ways to exploit vulnerabilities in different ecosystems. The firm noted that in 2024 alone, crypto losses to security attacks have been nearly $2 billion.