A crypto whale was reported to have fallen victim to a phishing attack, resulting in the loss of over $32 million in tokens in a malicious transaction. The incident was flagged by blockchain security firm ScamSniffer on X, with the stolen assets linked to the DeFi protocol Spark. The attack was carried out using the Inferno Drainer, a scam-as-a-service tool that creates fake versions of popular DeFi applications to deceive users into handing over control of their wallets. While the service was shut down in November 2023, it resurfaced in May 2024 with new features, staff, and support for multiple blockchains and DeFi apps. The victim, rumored to be CZSamSun, offered a 20% reward for the return of the stolen funds, but no response has been received from the alleged scammer. Users are advised to be cautious of unfamiliar links and transactions to avoid similar attacks.
In a separate incident, a fraudulent cryptocurrency wallet app called WalletConnect on Google Play reportedly scammed over 10,000 users out of $70,000 in a world-first targeting of mobile users. The app mimicked the reputable WalletConnect protocol but was a sophisticated scam designed to drain users’ wallets. The scammers exploited the challenges faced by web3 users, such as compatibility issues, by marketing the fake app as a solution to these problems. Cybersecurity firm Check Point Research uncovered the scam, highlighting the lack of an official WalletConnect app on the Play Store as a factor that contributed to the success of the deception. Furthermore, cybersecurity scammers are using automated email replies to compromise systems and deliver crypto mining malware, with recent threats like the “Cthulhu Stealer” targeting MacOS systems by disguising itself as legitimate software.
The Inferno Drainer, the scam-as-a-service tool responsible for the phishing attack on the crypto whale, has reportedly stolen over $215 million from more than 200,000 victims. The software creates fake versions of popular DeFi apps to trick users into signing transactions that result in stolen funds. Operated by individuals who take a 20% commission on the stolen tokens, the service targets unsuspecting users with deceptive tactics. Although the developers of the Inferno Drainer shut down the service in 2023, it resurfaced in 2024 with claims of improved features and broader support for multiple blockchains and DeFi applications. The victim of the recent attack, rumored to be CZSamSun, offered a reward for the return of the funds but has not received a response from the scammer. Users are advised to exercise caution by avoiding unfamiliar links and verifying transactions to prevent falling prey to similar attacks.
The phishing attack on the crypto whale resulted in the loss of 12,083.6 spWETH tokens, valued at approximately $32.4 million, linked to the DeFi protocol Spark. The attacker used the Inferno Drainer to steal the tokens, with the victim offering a 20% reward for their return. Despite efforts to recover the stolen funds, the perpetrator has not responded. The fraudulent WalletConnect app on Google Play scammed over 10,000 users out of $70,000 by impersonating the reputable WalletConnect protocol to drain users’ wallets. The scammers exploited the absence of an official WalletConnect app on the Play Store to carry out the sophisticated scheme successfully. Additionally, cybersecurity scammers are using automated email replies to compromise systems and deliver crypto mining malware, with recent threats like the “Cthulhu Stealer” targeting MacOS systems by posing as legitimate software and stealing personal information.
The Inferno Drainer, a scam-as-a-service tool used in the phishing attack, has a history of stealing over $215 million from more than 200,000 victims through deceptive tactics involving fake versions of popular DeFi apps. The service operators take a 20% commission on stolen tokens, targeting unsuspecting users with fraudulent schemes. Despite being shut down in 2023, the Inferno Drainer resurfaced in 2024 with enhanced features and broader support for multiple blockchains and DeFi applications. The victim, suspected to be CZSamSun, offered a reward for the return of the stolen funds but has not received a response from the scammer. To prevent falling victim to similar attacks, users are advised to exercise caution by avoiding unfamiliar links and verifying all transactions before signing.Cybersecurity threats in the crypto space are evolving, with scammers employing sophisticated tactics to deceive users and steal their funds. Users must remain vigilant and adopt best practices to protect their assets and personal information from malicious actors. By staying informed and taking necessary precautions, individuals can mitigate the risks associated with engaging in the digital asset ecosystem.