Crypto Whale loses over 15000 fwDETH in phishing attack
A crypto whale has reportedly fallen victim to a phishing attack, losing 15,079 Few Wrapped Duo ETH (fwDETH), which is worth about $35 million in tokens, according to security analysts.
fwDETH is a wrapped form of Duo ETH, also known as DETH, which is a DeFi protocol on the Blast network that is a derivative of ETH issued by Duo. The decentralized trading platform Duo Exchange acknowledged the phishing attack in a post on X on October 11 but reassured users that its protocols were still secure and operational.
Blockchain security firm Scam Sniffer initially flagged the phishing attack
According to a report by blockchain security company Scam Sniffer, a phishing scam drained a crypto whale's address of 15,079 fwDETH, or roughly $36 million. Scam Sniffer, a blockchain security firm, first noticed the incident.
🚨 5 hours ago, someone lost 15,079 fwDETH($35M) after signing a "permit" phishing signature.💸 pic.twitter.com/YG6KlgWMtv
— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) October 11, 2024
Someone lost 12,083.6 $spWETH(worth $32.33M)! due to a phishing attack!
— Lookonchain (@lookonchain) September 28, 2024
According to Arkham, the wallet may be related to DiscusFish(@bitfish1).
To avoid being phished, please do not click on any unknown links and do not sign any unknown signatures.
Always double-check when… pic.twitter.com/LSLMDeNQzb
This incident happened because the attacker was able to drain money from the whale's address, 0xEab2E…a393, by using a fraudulent "permit" signature.
Incident confirmed by security firm PeckShield BlockSec
The incident was confirmed by security firm PeckShield BlockSec. According to BlockSec co-founder Yajin (Andy) Zhou, "it appears that the attacker tricked the victim into signing a permit message offline, then used it to drain the fwDETH token from the victim's account."
The attacker converts stolen DETH into ETH
Through a decentralized exchange, the attacker quickly converted the stolen DETH into ETH, according to on-chain analyst Ember CN. However, only 2,288 ETH of the 14,079 DETH sold were given to the attacker because there was not enough liquidity in the DETH pool.
Drop in the value of DETH
The user lost a significant amount of fwDETH as a result of this exploit, and the attacker's sale caused the value to drop sharply. DETH, an asset designed to maintain a 1:1 exchange rate with ETH, was depegged as a result of the attack's severe disruption of DeFi markets.
According to data from DexScreener, the value of DETH fell by over 90% within hours of the incident, from $2000 to $100, before rising back to $1000 at the time of writing. The action depleted the pool, leading to a significant decoupling between WETH and DETH. The stolen assets' value fell from $35.98 million to $5.5 million, an 85% decrease.
The phished address may be connected to the venture capital firm Continue Capital, according to data from Arkham Intelligence. The firm has not yet responded to the incident. In addition, Yu Xian, the founder of the blockchain security company SlowMist, connected the attack to the phishing group Angel Drainer, which is well-known for offering "draining-as-a-service" (DAAS).
Crypto Whale loses over $32 million in tokens due to phishing attack
On September 29th, 2024, a crypto whale lost over $32 million in tokens as a result of a malicious transaction after falling victim to a phishing attack. ScamSniffer, a blockchain security company, first reported the incident on social media site X.
The 12,083 wrapped ether tokens (spWETH) stolen worth about $32.4 million were connected to the decentralized finance (DeFi) protocol Spark. The Inferno Drainer was used to plan the attack, according to blockchain intelligence firm Arkham.
According to a Dune Analytics dashboard made by ScamSniffer, Inferno Drainer has allegedly stolen more than $215 million from over 200,000 victims over the course of its existence.
Despite being shut down by its developers in November 2023, Inferno Drainer reappeared in May 2024 with promises of enhanced features, new employees, and support for hundreds of DeFi apps and 28 different blockchains.
Although the victim's identity is still unknown, blockchain researcher ZachXBT discovered noteworthy transactions that connected the compromised wallet to a whale named CZSamSun—not to be confused with the paradigm researcher @samczsun on X.
Disclaimer
This information should not be considered financial advice by any means. Please do your own research before making any investment decisions. The views in the articles are personal opinions only. Whale Insider is not responsible for any financial losses incurred.