Representation of a digital assets hacker. FotoArt-Treu/Pixabay

KEY POINTS

  • Scam Sniffer detected the exploit Saturday, saying the whale signed a permit phishing signature
  • ZachXBT blasted the whale for carelessness, having been phished last year and again this year
  • Phishing-related incidents accounted for $64 million in crypto losses during the first quarter: CertiK

A cryptocurrency whale – an individual or entity that holds millions worth of digital assets – who lost some $638,000 to a phishing scam last year has now lost nearly $7 million in a permit signature phishing attack Saturday.

Web3 anti-scam platform Scam Sniffer first reported the incident, saying a victim "lost $6.91 million due to signing a permit phishing signature," also called authorization phishing, wherein hackers exploit a wallet's signature functionality to steal the user's assets without on-chain transactions.

In particular, the whale lost 1,807.05 Ether.fi-Liquid1 (LQIDETHFIV1) worth $6,917,072 at the time of the exploit, as per Scam Sniffer.

Crypto researcher ZachXBT, who is well-known in the industry for his in-depth investigations into some of the biggest scams and exploits in the crypto space, revealed that the same whale had been "phished last year for $638K." The crypto sleuth expressed his dismay over the carelessness of some people with their assets.

Signature-related vulnerabilities are some of the most common issues that exploiters have used for their phishing operations, resulting in millions in losses across digital wallets.
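A wallet-side check for the kind of permit signing request described above, as an added example that is not code from Scam Sniffer or any project named in this article. It assumes the token uses the EIP-2612 `Permit` typed-data layout (the article does not name the standard involved); the allowlist, addresses, timestamp and 30-day threshold are constructed for illustration.

```javascript
// Added example: review an eth_signTypedData_v4 payload before the wallet signs it.
const MAX_UINT256 = (1n << 256n) - 1n;
const DAY = 86400n;

// typedData: the JSON object a site asks the wallet to sign.
// trustedSpenders: hypothetical allowlist of contracts the user already relies on.
function reviewSignRequest(typedData, trustedSpenders, nowSeconds) {
  if (typedData.primaryType !== "Permit") return []; // not an EIP-2612 approval
  const msg = typedData.message;
  if (!msg || msg.spender == null || msg.value == null || msg.deadline == null) {
    return ["malformed Permit message: refuse to sign"];
  }
  const spender = String(msg.spender).toLowerCase();
  const findings = [
    "signing grants a token allowance on " + typedData.domain.verifyingContract,
  ];
  if (!trustedSpenders.has(spender)) {
    findings.push("spender is not on the allowlist: " + spender);
  }
  if (BigInt(msg.value) === MAX_UINT256) {
    findings.push("allowance is unlimited (max uint256)");
  }
  if (BigInt(msg.deadline) - BigInt(nowSeconds) > 30n * DAY) {
    findings.push("deadline is more than 30 days away");
  }
  return findings;
}

// Constructed sample data (not taken from the incident).
const NOW = 1700000000;
const TRUSTED = new Set(["0x" + "aa".repeat(20)]);
const SAMPLE_REQUEST = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", chainId: 1, verifyingContract: "0x" + "11".repeat(20) },
  message: {
    owner: "0x" + "22".repeat(20),
    spender: "0x" + "BB".repeat(20), // unknown contract
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: String(NOW + 365 * 86400),
  },
};

for (const line of reviewSignRequest(SAMPLE_REQUEST, TRUSTED, NOW)) console.log("WARN", line);
```

The point of surfacing these findings is that a permit signature looks like a harmless login prompt in many wallets, while in effect it hands the named spender an allowance over the owner's tokens.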

Blockchain security firm CertiK said in its first quarter 2024 "Hacked" report, which gives crypto users an extensive look at the security incidents in the crypto space during the quarter, that phishing accounted for most of the incidents in the sector in Q1. More than $64 million was lost to phishing scams in the quarter, as per CertiK.

The biggest phishing incident of the quarter was the takeover of MicroStrategy's X (formerly Twitter) account in February. Blockchain security firms and crypto researchers, including ZachXBT, said some $440,000 was stolen after phishing hackers took over the account and posted fake free token links.

This is also not the first time a whale account has been attacked by exploiters. In September, a crypto whale lost over $24 million worth of digital assets to a major phishing incident. By March, CertiK detected a deposit of over $10 million in Ether (ETH) to crypto mixing tool Tornado Cash that it said was traced back to the September whale phishing incident.

The latest incident took place earlier this month, when hackers carried out an "address poisoning attack" on a whale account, resulting in losses of 1,155 Wrapped Bitcoin (WBTC) worth around $70 million at the time of the exploit.