A crypto whale has fallen victim to a MAJOR phishing scam that saw over $6.9 million stolen. This was the second time in one year – in this article find out how to avoid being drained.
In crypto, you get to choose what to do with your valuables. They can be worth millions of dollars.
While freedom is finally here, it is proving to be extremely expensive for some – securing private keys, required for confirming ownership, has led to billions of losses over the years. And among the biggest losses are crypto investors falling prey to phishing scams.
Victim Losses $6.9 Million In A Phishing Scam
In a crypto phishing scam, the goal is to steal private keys or get the victim to approve a transaction, painfully sending them to the cleaners.
Since crypto transactions are irreversible and can’t be blocked when “initiated” by the victim, millions, if not billions, of dollars have been lost.
Last week, one of them lost a whopping $6.9 million, and how the incident happened was well recorded.
(EtherScan)
According to web3 sleuths, first picked out by Zach XBT, the victim was tricked into signing a malicious Permit signature.
The “permit function” was designed to streamline Ethereum smart contract operations transactions. However, in the wrong hands–like in this case–, it can be used for malicious purposes.
A permit function allows users to sign transactions off-chain once details like the amount and the recipient’s address are received.
If the signature was initiated by a scammer, what it means is that the victim approves the transfer of all funds.
In this case, blockchain security analysts said the victim lost 1,807 eLIQ1 tokens, wiping the account clean.
If you stake ETH via Ether.fi liquid staking platform, you receive eLIQ1 tokens in return. They represent your stake coins but are liquid, meaning you can trade them on exchanges like Binance or Coinbase.
There were multiple transfers of eLIQ1 tokens.
A portion of funds were moved to the scammer’s address while the rest were transferred to Drainer-as-a-Service (DAAS) platforms, Pink and Inferno Drainers.
DAAS providers like Inferno empower scammers for a fee, providing the necessary infrastructure.
They source all the tools for successful campaigns, including providing fake websites and social media accounts to lure unsuspecting victims.
Unfortunately for the victim, this was not the first time. Last year, the address lost $638,000 through a phishing campaign.
DISCOVER: How to Buy Bitcoin ETF in May 2024 – Beginners Guide
Stay Safe, Do This To Avoid Falling Prey to Crypto Scam
The problem is no one is safe – scammers are using increasingly sophisticated tactics to get their way.
For this reason, staying safe is crucial.
To avoid being a victim of a phishing scam, do this:
- Be cautious, and never click unsolicited links or messages–regardless of the offer. Always double-check and make sure they are from legitimate sources.
- Most phishing campaigns use fake websites that closely resemble real ones. For example, a phony phishing scam website can be “Unizwap,” not the real “Uniswap“. Therefore, verify the website address as much as possible before interacting with any platform.
- Never share your private keys with anyone. If unauthorized people access them, they can easily recover your wallet and steal all your funds.
- To be safe, always use two-factor authentication (2FA). They always add an extra layer of security to your wallet. With 2FA in place, scammers will have difficulty transferring funds.
EXPLORE: Bitcoin Conference 2024: Goodbye to Miami, Say Hello to Nashville
Disclaimer: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital
Credit: Source link