Blockchain Scam Sniffer security platform he recently revealed a crypto trader who lost $35 million in minutes. This trader is said to have lost this money because of social-engineering crypto scamwhich continues to thrive in the industry.
How This Crypto Trader Lost $35 Million
Scam Sniffer revealed in an X post that a crypto trader lost 15,079 fwDETH ($35 million) after signing a “consent” signature for phishing. These fraudsters quickly sell the coins, causing the price of deETH to drop quickly. This scam too said which led to attacks on deals like PAC Finance and Orbit Finance.
This ‘consent’ feature was introduced in The Ethereum network with Ethereum Improvement Proposal (EIP) 2612 to help solve the challenge of paying gas bills multiple times.
This permission function allows merchants to sign an authorization message off-chain, allowing them to perform transactions without electricity. However, as seen with this crypto trader who lost 35 million dollars, what sets us back with these Consent signatures is that they are vulnerable to social-enhanced fraud, unlike when they do onchain authorization.
Fraudsters can easily trick users into giving permissions by giving them the impression that they are just logging into a website while giving permission for their funds to be transferred from their wallets. Furthermore, unlike the warning signs that are displayed when signing onchain approvals, there are none for Permit signatures.
Phishing Scams Remain a Common Type of Crypto Attack
Phishing scams continue to be one of the most prevalent social engineering attacks in the crypto space. Scam Sniffer it has drawn public attention that the KOR Protocol X account has recently been compromised and is sending phishing tweets. They noted that these phishing tweets from notable X accounts are often the result of social engineering attacks that authorize malicious apps.
According to Scam Sniffer’s September Phishing Reportapproximately 10,000 victims have lost approximately $46 million to crypto phishing scams. Meanwhile, in the third quarter of this year, up to $127 million loss of identity theft occurs, with an average of 11,000 victims each month. The two victims are said to have made up $87 million for this loss.
Interestingly, one of the victims lost $32 million by signing the consent signature, similar to this crypto trader, who lost $35 million. One trader lost $1 million by copying the wrong address into a “dirty forwarding history.” Scam Sniffer revealed that the majority of phishing attacks were discovered by clicking on phishing links to fake accounts on the X platform and Google phishing ads.
The forum recently provided an example of Google’s phishing ad. They highlight the ‘List of options’ ad in the search engine. This ad leads merchants to link their wallets, and their wallets expire after signing a phishing signature.
Featured image from Pexels, chart from TradingView