Throughout the year, there has been a notable surge in phishing attacks, resulting in substantial losses for investors. Particularly concerning is the 40% increase in cryptocurrency phishing attacks observed in 2022. This shift underscores the cybercriminals’ focus on cryptocurrency investors, with one in seven respondents reporting being affected, as per a Kaspersky survey.
On September 7, a significant cryptocurrency phishing attack cost a single victim $24.23 million in staked Ethereum tokens. The attacker drained 9,579 stETH (Lido’s staked Ethereum token) and 4,851 rETH (Rocket Pool’s staked Ethereum token) from the investor’s holdings after deceiving the victim into granting token approvals through “increaseAllowance” transactions.
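As an added illustration (not part of the original report), the following Python example decodes transaction calldata before signing and flags ERC-20 `approve` and `increaseAllowance` calls that grant an allowance to a spender outside a user-maintained allowlist. The spender address, the allowlist and the "unlimited" threshold are constructed assumptions.

```python
# Added example: review ERC-20 allowance-granting calldata before signing.
# Standard 4-byte selectors for the two allowance-granting ERC-20 calls.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve",            # approve(address,uint256)
    "39509351": "increaseAllowance",  # increaseAllowance(address,uint256)
}
# Assumption: amounts at or above this are treated as effectively unlimited.
UNLIMITED_THRESHOLD = 2 ** 255


def decode_allowance_call(calldata_hex):
    """Return (function, spender, amount) for an allowance call, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = ALLOWANCE_SELECTORS.get(data[:8])
    if name is None or len(data) < 8 + 128:
        return None
    try:
        args = bytes.fromhex(data[8:8 + 128])
    except ValueError:
        return None
    # The address is the low 20 bytes of the first 32-byte argument word.
    spender = "0x" + args[12:32].hex()
    amount = int.from_bytes(args[32:64], "big")
    return name, spender, amount


def review_transaction(calldata_hex, trusted_spenders):
    """Flag allowance grants to unknown spenders or for unlimited amounts."""
    call = decode_allowance_call(calldata_hex)
    if call is None:
        return {"verdict": "not_allowance_call", "reasons": []}
    name, spender, amount = call
    reasons = []
    if spender not in {s.lower() for s in trusted_spenders}:
        reasons.append("spender not in allowlist")
    if amount >= UNLIMITED_THRESHOLD:
        reasons.append("effectively unlimited amount")
    return {"verdict": "warn" if reasons else "ok", "function": name,
            "spender": spender, "amount": amount, "reasons": reasons}


# Constructed sample: hypothetical spender, amount mirrors the 9,579 stETH figure.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_CALLDATA = ("0x39509351" + "00" * 12 + "ab" * 20
                   + format(9579 * 10 ** 18, "064x"))

if __name__ == "__main__":
    print(review_transaction(SAMPLE_CALLDATA, trusted_spenders=[]))
```

A wallet or signing proxy would run such a check on the `data` field of every outgoing transaction and show the decoded spender and amount to the user before the signature is produced.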
What makes this incident more alarming is that the attacker’s address had a history tied to numerous crypto phishing websites. PeckShield, a blockchain security firm, reported that the attacker had already begun moving the stolen assets. They swiftly converted the pilfered rETH and stETH tokens into approximately 13,785 ETH, equivalent to roughly $22.5 million, and 1.64 million DAI. Notably, FixedFloat, an automated cryptocurrency exchange utilizing the Lightning Network, received a substantial transfer of approximately 451,000 DAI.
Phishing, a deceptive tactic wherein malicious actors manipulate individuals into disclosing sensitive information or installing malware, was the weapon of choice in this attack. According to a recent Todayq News report on August 22, 2023, the Layer-1 blockchain Terra suspended its website due to a phishing attack on August 21, 2023. The “terra(dot)money” domain is frozen to prevent phishing. Users are advised not to engage with Terra-related domains until an official announcement.
Additionally, on September 6, cybersecurity firm Group-IB warned of a significant phishing threat actor named “W3LL.” This threat actor operates an underground market selling tools designed to bypass Microsoft 365 multifactor authentication (MFA).
They offer a custom phishing kit known as the “W3LL Panel” that targets corporate Microsoft 365 accounts. Estimates suggest that between October 2022 and July 2023, over 56,000 accounts were compromised. Experts have raised concerns about these tools, as they enable sophisticated “adversary-in-the-middle” phishing attacks that can bypass MFA, making them difficult to detect.