An investor recently became a victim of a phishing attack, losing over $101,000 in various cryptocurrencies across multiple blockchains.
According to blockchain security firm PeckShield, the compromised address lost over 237.8 billion OSAK, valued at $66,682, from the DeFi project Osaka Protocol, as well as 287 billion CAW tokens, worth $26,490.
Additionally, 213 HIGH tokens valued at $938 and 426 USDT were stolen on the Ethereum network. Other assets taken include 3,000 USDC on the BNB Chain, as well as 0.5 PENDLE and 0.1 WBTC on Arbitrum. At the time of reporting, the address still holds $7,000 in crypto assets.
As of the latest check, the exploiter’s address still holds the stolen assets, with a balance of approximately $220,000 spread across various blockchain networks. The attackers utilized a multi-call function to exploit the victim, enabling the execution of multiple smart contract functions within a single transaction.
This exploitation method involves deceiving users into signing seemingly legitimate transactions that, unbeknownst to them, include malicious multi-call functions. Through this code, malicious actors gain unauthorized access to transfer funds or engage with contracts, resulting in the loss of assets without the user’s intended consent.
This year, phishing attacks in the crypto space have occurred less frequently but remain a significant threat. A recent case involved an unidentified market participant falling victim to such a scam, resulting in a substantial loss exceeding $674,000 in USDC, underscoring the persistent danger posed by these fraudulent activities.
This incident echoes earlier phishing attacks, including one reported this month, where a victim lost $145,000 worth of Bored Ape Yacht Club (BAYC) NFTs. In that particular case, three BAYC NFTs were stolen.
In a separate incident from April 2024, a trader lost over $180,000 in USDC and Andy tokens. The attackers utilized a similar multi-call strategy, consolidating multiple function calls within a single transaction, which resulted in funds moving from the victim’s address to various wallets controlled by the hackers.
0 Comments