Recently, the shadow of phishing attacks has once again shrouded the cryptocurrency field, causing a huge loss of $32 million. On September 27, a user's wallet (ending with "e57") suffered a complex phishing attack, causing the 12,083 Spark Wrapped Ethereum tokens (spWETH) held by him to be drained overnight. This incident not only highlights the vulnerability of network security, but also rings the alarm bell for the entire crypto community.

Analysis of capital flows and attack methods

According to a report by security firm CertiK, 10,000 spWETH worth about $26 million was initially transferred to a wallet starting with "0x471c". Subsequently, the funds were dispersed to multiple other wallets, as follows:

  • 1750 ETH was transferred to 0x105c wallet;

  • 2613 ETH were transferred to 0x278d wallet;

  • 3730 ETH was transferred to 0x408d wallet;

  • 1865 ETH was transferred to the 0xfaf2 wallet.

There are reports that the hacked wallet may be related to F2Pool founder Shixing Mao, but this information has yet to be confirmed. This complex flow of funds shows the attacker's carefully planned plan, and users should be alert to the concealment and maliciousness of phishing attacks.

Phishing attacks on the rise

What is more worrying is that phishing attacks in August 2024 surged 215% compared to the previous period. According to a report by security company Scam Sniffer, the total loss of malicious attacks in August has exceeded 66 million US dollars, and one phishing attack targeting the victim's proxy ownership has caused a wallet to lose up to 55 million US dollars.

A recent report from Blockaid pointed out that the notorious Angel Drainer malware has been upgraded to AngelX. This new phishing software deployed more than 300 phishing decentralized applications (DApps) in just four days. A spokesperson for Blockaid expressed concern, pointing out that AngelX mainly targets newer blockchain networks such as Open Web and Tron, and has strong customization capabilities, making phishing scams more complex and covert.
 

Hidden dangers in search engines

In an extension of the security vulnerability, the search engine DuckDuckGo accidentally displayed a fraudulent Etherscan website. These malicious links tricked users into connecting to the MetaMask wallet, allowing hackers to easily obtain user funds. This incident shows that when using search engines to find crypto-related information, users must be vigilant to avoid being deceived.

Beware of phishing and raise security awareness

In this ever-changing cryptocurrency market, cybersecurity has become a top priority for every user. Whether it is checking the details when using the wallet or paying attention to the flow of funds, raising security awareness is the first step to resist phishing attacks.

We should always be vigilant to ensure the safety of our assets and avoid irreparable losses due to momentary negligence. In this wave of phishing, whoever can master security knowledge will be invincible. Follow the seniors to get more professional advice on security protection!

#非农就业数据即将公布 #美国8月核心PCE创4月以来新高 #美联储11月降息预期升温 #美国比特币现货ETF累计净流入创新高 #美联储宣布降息50个基点