scam sniffer
New Phishing Scams on Solana (SOL) Have Stolen Over $4,000,000 in Crypto Assets: Security Firm
New data from a cybersecurity firm reveals that recent phishing scams over smart contract platform Solana (SOL) have stolen over $4 million in crypto assets. In a new blog post, security firm Scam Sniffer says that in the past month alone, bad actors were able to exploit $4.17 million worth of digital assets from about […]
The post New Phishing Scams on Solana (SOL) Have Stolen Over $4,000,000 in Crypto Assets: Security Firm appeared first on The Daily Hodl.
Phishing victim sends eye-watering $4.5M in USDT to scammer
On-chain data shows the $4.5 million was first transferred from the Kraken crypto exchange, before eventually arriving at an address purportedly owned by a scammer.
An unwitting cryptocurrency holder has reportedly fallen victim to an eye-watering $4.46 million phishing scam.
According to data from Etherscan, $4.46 million in Tether (USDT) was withdrawn from a Kraken crypto exchange wallet and eventually sent to an address ending “ACa7.”
Blockchain security firm PeckShield, has labeled the address as being owned by a phishing scammer.
#PeckShieldAlert The address 0x2175...f7D9 got scammed for 4.46M $USDT
— PeckShieldAlert (@PeckShieldAlert) September 21, 2023
Victim's address: 0x2175c0082d052872501f7fe54e1aC59858aaf7D9
Scammer's address: 0xAbb07822F471773Ff00b9444308ceEB7cf0dACa7 pic.twitter.com/Ny9CIrkBxw
Another blockchain scam platform, Scam Sniffer, suggested on Sept. 20 that the funds were sent to an address linked to a “fake Coinone crypto mining exchange."
someone withdrew $4.46 million from Kraken to a fake Coinone crypto-mining exchange about 1 hour ago.https://t.co/ued55jlWdM pic.twitter.com/tsV5BGDY0O
— Scam Sniffer (@realScamSniffer) September 20, 2023
Scam Sniffer linked to a user-created Dune Analytics dashboard, suggesting attacks of this nature have seen scammers steal approximately $337.1 million USDT in total, impacting as many as 21,953 individuals.
Related: Crypto whale loses $24M in staked Ethereum to phishing attack
The Global Anti-Scam organization says this type of approval mining scam usually tricks victims into authorizing unlimited withdrawals from their cryptocurrency wallet.
“When you create a self-custody crypto wallet [...] you obtain a "private key" that is safeguarded through encryption. However, the fraudsters do not need your seed phrase,” GASO said, explaining on its website that when a victim clicks to partake in the fake mining pool, they’re clicking on a button that will request a $10 to $50 network fee in Ether (ETH).
While it seems reasonable, GASO suggests it is part of to trick the user:
“This is merely a front to obtain your digitally signed authorization, allowing unlimited access to your wallet via the USDT smart contract.”
Magazine: Asia Express: Thailand’s national airdrop, Delio users screwed, Vietnam top crypto country
‘Inferno Drainer’ scam as a service has stolen $5.9M since March: Report
The service provides code to scammers that allows them to drain wallets using token approval phishing methods
A new scam as a service called “Inferno Drainer” has reportedly stolen nearly $6 million from unsuspecting crypto users, according to Web3 scam detecting firm Scam Sniffer. Inferno Drainer reportedly advertises that it provides ready-to-go code to scammers, allowing them to steal crypto in exchange for a 20% cut of the scammer’s crypto "loot".
1/ Inferno Drainer, a scam vendor specializing in multi-chain scams, has stolen $5.9 million in assets from nearly 4,888 victims through over 689 phishing websites targeting popular projects.https://t.co/OEjdzHm2Ls
— Scam Sniffer (@realScamSniffer) May 19, 2023
The scam service was discovered by security enthusiast and pseudonymous Twitter user 0xSaiyanElite, who happened to run across a promoter of it while browsing the Scam Sniffer Telegram channel. Saiyan reported the scammer to the channel, and the security service began an investigation. They found a screenshot showing a $103,000 drain transaction using a Permit2 exploit. Permit2 exploits are phishing scams that rely on a simplified version of the token approval process.
As told by Scam Sniffer, the screenshot showed the transaction hash of the theft, prompting the team to search up the transaction, which uncovered the exploiter’s address. Scam Sniffer then found the said address was associated with over 689 phishing websites created since March 27 and had drained $5.9 million from victims on various networks, including Ethereum, Arbitrum, Polygon, and BNB Chain. Scam Sniffer created a Dune analytics dashboard to reveal the data validating this conclusion.
Related: Pepe memecoin frenzy gets unwanted attention from scammers
According to the report, Inferno Drainer advertised its “service” to scammers in return for 20% of profits. It even offered to build phishing sites for customers in exchange for 30%, but only for “good customers or people with big potential.”
Scams as services have become an increasing problem in the crypto community over the past few months. A similar service called “Monkey Drainer” was discovered by ZachXBT in October. It drained at least $1 million in ETH from users before shutting down in March.
Magazine: Should crypto projects ever negotiate with hackers? Probably