Crypto Whale Loses Over $32 Million in Phishing Attack

Crypto Whale Loses Over $32 Million in Phishing Attack

In a significant security breach, a crypto whale has reportedly lost 12,083 Spark Wrapped Ether tokens (spWETH), valued at approximately $32.4 million. The loss was triggered by a malicious transaction initiated by an unidentified attacker. This incident was linked to the notorious Inferno Drainer, a scam-as-a-service software that enables attackers to drain wallets by tricking users into signing fraudulent transactions.

How the Attack Happened

According to the reports, the victim unknowingly signed a malicious transaction which grabbed the attacker's control over his wallet. This led to the transfer of his spWETH tokens to the attacker's wallet. The exploit was powered by Inferno Drainer, a software designed to spoof decentralised finance (DeFi) protocols and trick users into giving up control of their wallets.

Inferno Drainer is known for its ability to phish crypto traders by mimicking popular DeFi platforms. Users are often led to believe that they are interacting with legitimate services, only to sign over their assets to hackers. 

How Inferno Drainer Works

The Inferno Drainer software is a sophisticated scam tool that operates by allowing malicious actors to spoof trusted DeFi applications. Users unknowingly sign transactions that grant attackers access to their wallets. This scam is part of a broader "scam-as-a-service" model, where operators of Inferno Drainer take a 20% cut of the stolen assets.

Despite its developers shutting down the service in November 2023, Inferno Drainer returned in May 2024 with enhanced features, boasting support for 28 different blockchains and hundreds of DeFi apps. Over its lifetime, the software has reportedly stolen over $215 million from 200,000 victims.

The Victim's Attempt at Resolution

Following the attack, a blockchain message was sent from the victim's wallet to the attacker. The victim proposed a "peaceful resolution," offering the thief 20% of the stolen amount (approximately $6.5 million) in exchange for the return of the remaining funds. However, there has been no response from the attacker. The identity of the whale remains uncertain, though blockchain investigator ZachXBT linked the victim's wallet to a well-known whale called CZSamSun.

How to Avoid Wallet Drainer Scams

On the brighter side, this attack serves as a warning for crypto users when interacting with DeFi applications. Security experts suggest the following precautions to avoid falling victim to phishing attacks like Inferno Drainer:

- Do Not Click on Unknown Links: Always verify the source before interacting with links or applications.

- Double-check Transactions: Before signing any transaction, make sure the details are accurate and legitimate.

- Use Wallet Security Measures: Enable multi-factor authentication (MFA) and consider hardware wallets for additional security.

FAQs

1. What is Inferno Drainer?

Inferno Drainer is a scam-as-a-service software that allows attackers to drain wallets by tricking users into signing malicious transactions. It has stolen over $215 million across 28 blockchains.

2. How can I protect myself from wallet drainers?

To avoid wallet drainers, do not click on unknown links, double-check all transactions before signing, and use multi-factor authentication (MFA) along with hardware wallets for better security.

3. How much was lost in the Bedrock attack?

The victim lost 12,083 spWETH tokens, valued at approximately $32.4 million, due to the phishing attack.

4. What should I do if I suspect I’m being phished?

If you suspect phishing, immediately stop all interactions with the source. Avoid signing any transactions and check your wallet activity to see if there are any unauthorised transfers.

5. Can drained funds be recovered?

Recovering stolen crypto funds is extremely difficult, but some victims have been able to negotiate returns with the attackers. In rare cases, law enforcement or white-hat hackers can assist in recovering funds.

Continue reading