Amid the ongoing crypto market volatility and mid-term uncertainty, a Web3 user has fallen victim to a phishing attack, resulting in a loss of over $55 million. According to an on-chain data analysis conducted by Certik Alert, the attacker, alias Fake_Phishing187019, minted 55,473,618 Dai tokens and immediately laundered them through various channels.

The attacker reportedly managed to drain the $55 million worth of crypto assets by gaining access to external accounts (EOAs), which function more or less like regular bank accounts. Furthermore, the owner of EOAs has a public key that is linked to a private key that is unknown to other parties.

1/ The theft was made possible by the attacker gaining access to EOA 0xf2B889437F243396b29E829908b5d8ebE2e13048Tthe wallet was used to verify ownership of
DSProxy #166,776
to 0x0000db5c8B030ae20308ac975898E09741e70000
11 hours ago on 20-08-2024 05:40:47 PM UTC. photo.twitter.com/BxI1MYPR7W

— CertiK warning (@CertiKAlert) August 21, 2024

Further analysis of the attacker’s address reveals a strong determination to hide and launder as much money as possible in various amounts. For example, the attacker sent approximately $36 million to one address, and earlier today sent $17.5 million to CoW Protocol.

Meanwhile, the attacker had already started converting the assets to Wrapped ETH and BTC by depositing the funds into Uniswap V3.

The Web3 industry has suffered in recent years from its widespread success. Advanced technology has been used to compromise weak security designs for various Web3 platforms.

#CertiKStatsAlert

Adding up all the incidents in July, we can confirm that around $270.9 million was lost to exploits, hacks and scams, after around $7.8 million was refunded.

The amount is the second-highest monthly loss so far in 2024.

Exit scams: ~$3m
Flash Loans: ~$265.8 million
Exploitations: ~$9.8 million

More details… photo.twitter.com/FCXNe4sGiu

— CertiK warning (@CertiKAlert) July 31, 2024

According to Certik Alert, over $270 million was lost across various web3 projects due to hacks, exploits and scams, while attackers recovered only $7.8 million in July.

The WazirX hack, which resulted in the loss of over $230 million, left even more retail investors in the lurch after the attacker transferred the funds to Tornado Cash.

Earlier this week, 4,064 Bitcoins, worth approximately $238 million, were stolen from a victim and quickly transferred to THORChain, eXch, KuCoin, ChangeNow, Railgun, and Avalanche Bridge.

Source link