1
Crypto phishing scams have been on the rise in recent months, blockchain security firms warned. Bybit/flickr.com

KEY POINTS

  • The phishing-linked address moved 3,700 Ether to Tornado Cash Thursday, Certik said
  • A crypto whale lost over $24M in September, with the phishing scammer immediately swapping the stolen crypto
  • In February alone, around $47 million was lost to crypto phishing scams, Scam Sniffer said

A deposit of over $10 million worth of Ether (ETH) into Tornado Cash was detected by a blockchain and decentralized finance (DeFi) monitoring firm Thursday. The deposited funds have been traced back to a major phishing incident in September, wherein a crypto whale lost over $24 million.

Blockchain security firm Certik flagged the movement of 3,700 ETH worth over $10 million based on current prices. "The fund traces to a major phishing incident back in September 2023 where $24M (at the time) worth of assets were lost," Certik said on X (formerly Twitter) on Thursday.

Certik noted that the crypto community should remain vigilant following the latest movement of stolen funds.

Blockchain security and data analytics company PeckShield first reported about a crypto whale falling victim to a phishing attack early in September. In the said attack, a total of 9,579.2 staked ETH (stETH) were among the stolen assets.

The pilfered cryptocurrencies were swapped for 13,785 ETH and 1.64 million worth of Dai (DAI) stablecoin. A total of 451,000 DAI were also transferred into instant crypto exchange Fixed Float shortly after the phishing attack.

Other blockchain security firms also picked up the crypto whale's massive loss, with Scam Sniffer calling the phishing attack "insane." MistTrack, the crypto tracking team of blockchain security firm SlowMist, said most of the remaining funds that weren't put on Fixed Float were stashed in three different digital wallets.

News of the transfer of cryptocurrencies linked to the phishing scam comes as phishing hackers continue to evolve their attacks along with the crypto industry's technological revolution.

Earlier this month, the X account of Web3 messaging solution Beoble was compromised by phishing actors who posted a fake token-related claim for users of the platform. Some users claimed their wallets were "drained." Others hoped the platform would "take some responsibility and compensate."

Scam Sniffer said in its February phishing report that around 57,000 victims collectively lost approximately $47 million to crypto phishing scams. "Most of the thefts of all ERC20 tokens were due to assets being stolen as a result of signing phishing signatures such as Permit, IncreaseAllowance, and Uniswap Permit2," the web3 anti-scam tracker noted.

Interestingly, the crypto whale who lost over $24 million in September enabled token approvals to the phishing actor by signing Increase Allowance transactions.

Read more