A new cryptocurrency phishing attack has resulted in the theft of approximately $1.28 million worth of crypto.
According to blockchain security firm PeckShieldAlert, the incident appears to be connected to a larger scam that occurred just two weeks ago.
Victim loses PEPE, APU and MSTR tokens
PeckShieldAlert reported that the address 0xb0b8…40c7 was drained of various cryptocurrencies after the victim signed a malicious phishing permit signature.
The stolen assets include 108 billion PEPE tokens, 73.8 million APU tokens, and 165,000 MSTR tokens.
#PeckShieldAlert The address 0xb0b8…40c7 has been drained of ~$1.28M worth of cryptos, including 108B $PEPE, 73.8M $APU, and 165K $MSTR, after signing a #phishing permit signature.
The #phishing address #Fake_Phishing442846 is linked to the scammers who drained $32M worth of… pic.twitter.com/fq3a4DD0tD— PeckShieldAlert (@PeckShieldAlert) October 14, 2024
The phishing address, identified as #Fake_Phishing442846, has been linked to the same group of scammers responsible for a recent $32 million theft of Spark Wrapped Ethereum tokens (spWETH).
A September attack resulted in the loss of $32 million
The earlier attack occurred on September 27 and targeted a wallet ending in ‘e57.’ The attack resulted in the loss of 12,083 spWETH tokens.
Security firm CertiK provided details on the subsequent movement of these funds, with large portions being transferred to multiple wallets.
Notably, blockchain intelligence firm Arkham Intelligence has suggested that the compromised wallet in the $32 million attack may belong to F2Pool founder Shixing Mao, although this information remains unconfirmed.
According to the data from Spectrum Search, the crypto industry witnessed an alarming rise in cryptophishing scams. Data shows that over $46 million in crypto was lost in September.
Over 10,805 victims were affected due to these attacks in September, which brought the overall losses in the third quarter to $126 million. Spectrum Search shared that over 11,000 victims per month were affected during this period.
In several instances, many victims fall prey to the phishing links that are shared by fake accounts on X or Google ads. Once a user clicks on these links, the chances for the user to lose their data, crypto or wallet access escalate following the subsequent actions done.