In a shocking turn of events, a crypto whale has recently lost $32 million to a phishing attack. This development comes as total crypto losses in Q3 2024 rose over $400 million, indicating the need for continuous security development in the crypto industry.
Investor Loses 12,000 WETH Via Permit Phishing Attack
In an X post on Saturday, Web3 security platform Scam Sniffer reported that a crypto whale has lost about 50% of its holdings after authorizing a “permit” phishing signature. This loss constituted of 12,083 wrapped Ether tokens, valued at $32 million, deposited on the decentralized finance (DeFi) platform Spark.
In DeFi, a “permit” is a common mechanism that allows users to grant an application permission to spend a certain amount of tokens on their behalf. It is designed to be a convenience feature allowing ease of transactions by users. However, in this phishing attack, the suspecting user signed a malicious permit message granting bad actors control over their assets.
According to data from Arkham Intelligence, this attack was executed using the Inferno Drainer, a popular malware employed in blockchain phishing attacks. Over 200,000 victims have suffered attacks linked to the Inferno Drainer resulting in a cumulative loss of $215.67 million.
Currently, the identity of the parties involved in this incident remains unknown. However, the victim have sent a blockchain message to the attackers seeking a “peaceful resolution”, which includes the return of the stolen loot in exchange for a 20% bounty reward. Interestingly, data from security platform Certik shows that 10,000 spWETH of the loot, valued at $26 million, have been transferred to another wallet, before the subsequent division of this fund to four new wallets.
Generally, phishing attacks remain one of the most common woes of the crypto ecosystem. Scam Sniffer previously reported that 9,145 victims lost about $63 million to crypto phishing scams in August, representing a stunning 215% increase from values reported in July.
Crypto Losses Reach $412 Million In Q3 2024
According to a recent report from blockchain security company Immunefi, the crypto industry recorded a total loss of $412.99 million in Q3 2024. Of these figures, $409.91 million was lost to hacks with only $3.09 million being stolen by fraudsters.
The month of July experienced the highest volume of losses at $281.91 million, followed by September at $115.94 million. Meanwhile, centralized finance (CeFi) accounted for 74.8% of the total losses, emerging as the main target for bad actors. Sadly, only $14.9 million representing 3.6% of the stolen funds has been recovered, indicating the need for stringent protective measures in the crypto space.