Phishing Victim Sends Scammer Staggering $4.5M in USDT
A cryptocurrency holder has reportedly fallen victim to a $4.5 million phishing scam. The funds were transferred from the victim's Kraken account to an address associated with a fraudulent Coinone crypto mining platform.
Scammer Steals Fund From Crypto Holder
On September 20, Etherscan’s data revealed that $4.46 million worth of Tether (USDT) was withdrawn from the victim’s Kraken wallet. This amount was then sent to an address ending with “ACa7.”
Blockchain security firm PeckShield has identified this address as belonging to a phishing scammer.
#PeckShieldAlert The address 0x2175…f7D9 got scammed for 4.46M $USDT
Victim's address: 0x2175c0082d052872501f7fe54e1aC59858aaf7D9
Scammer's address: 0xAbb07822F471773Ff00b9444308ceEB7cf0dACa7
— PeckShieldAlert (@PeckShieldAlert) September 21, 2023
In another twist, Scam Sniffer, another blockchain anti-scam platform, pointed out that the stolen funds found their way to an address associated with a fake Coinone cryptocurrency mining exchange.
someone withdrew $4.46 million from Kraken to a fake Coinone crypto-mining exchange about 1 hour ago. https://t.co/ued55jlWdM
— Scam Sniffer (@realScamSniffer) September 20, 2023
Scam Sniffer’s investigation, which is based on a user-generated Dune Analytics dashboard, revealed that such fraudulent activities have resulted in scammers making off with a staggering total of approximately $337.1 million in USDT. This has affected up to 21,953 individuals.
A Recurring Problem
While not novel, phishing attacks persistently evolve as perpetrators employ increasingly sophisticated methods to evade detection.
These attacks are meticulously orchestrated to deceive individuals into revealing sensitive information or transferring substantial amounts of cryptocurrency to malicious actors.
On September 6, a big phishing attack targeted a cryptocurrency whale who suffered substantial losses on the Rocket Pool liquid staking platform.
#PeckShieldAlert A whale fell victim to a #phishing attack, losing $24.24M worth of cryptos, including ~4,851 $rETH and 9,579.2 $stETH.
The phisher has already swapped these $rETH and $stETH for ~13,785 $ETH and 1.64M $DAI.
A portion of the $DAI (~451K $DAI) has already been…
— PeckShieldAlert (@PeckShieldAlert) September 7, 2023
The victim’s entire cryptocurrency holdings were at stake, encompassing millions of dollars in Lido Staked ETH (stETH) and Rocket Pool ETH (rETH).
Interestingly, the hacker executed this audacious assault with just two transactions, absconding with 9,579 stETH in one transaction and 4,851 rETH in another.
At the time of the breach, the stolen assets were valued at an eye-popping $15.5 million in stETH and $8.5 million in rETH, amounting to an astonishing $24 million.
PeckShield disclosed that the perpetrator promptly exchanged these stolen assets for 13,785 ETH and 1.64 million Dai.
However, as confirmed by the anti-scam platform, a substantial portion of the ill-gotten Dai had already found its way to the fully automated cryptocurrency exchange, FixedFloat.
Crypto tracking platform MistTrack also reported that most of the stolen funds had been funneled into three specific wallet addresses.
Some of the funds were transferred to @FixedFloat, and most of the funds remained in the following 3 addresses.
0x4f2f02ee2f86e9ee8e674c1e8b2837181d12f322
0x7023505ed4b696d174969aa318fbe47b98787e49
0x2abdc2ab2b7e46e0c6bb4e7c816ef64485f4f7ad https://t.co/tj9C1XjhTE
— MistTrack🕵️ (@MistTrack_io) September 7, 2023
Meanwhile, Scam Sniffer provided further insights into how the scam unfolded. The platform explained that the victim unwittingly granted the scammer access to their tokens by authorizing “Increase Allowance” transactions.
the victim gave the token approvals to the scammer by signing "increaseAllowance" transactions. https://t.co/li9LfzKH0M
— Scam Sniffer (@realScamSniffer) September 7, 2023
These access permissions are a feature associated with ERC-20 tokens, allowing third parties to spend tokens on behalf of the token holder via smart contracts.
However, the incident has raised concerns among cryptocurrency observers, who cautioned against the potential risks tied to approving ERC-20 allowances.
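A wallet or review script can catch an allowance grant of this kind before it is signed by decoding the transaction calldata. The sketch below is an added example, not code from Scam Sniffer or any wallet mentioned here; the spender addresses and the trusted list are constructed assumptions, and it generalizes slightly by checking `approve` as well as `increaseAllowance`.

```python
# Added example: spot ERC-20 allowance grants in raw transaction calldata.
# A selector is the first 4 bytes of keccak256(function signature).
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
MAX_UINT256 = 2**256 - 1


def inspect_calldata(data_hex, trusted_spenders=()):
    """Describe an allowance grant, or return None for any other call."""
    data = data_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    method = ALLOWANCE_SELECTORS.get(data[:8])
    if method is None:
        return None
    args = data[8:]
    if len(args) != 128:
        raise ValueError("expected exactly two 32-byte ABI words")
    # ABI words are 32 bytes; an address occupies the low 20 bytes.
    spender = "0x" + args[24:64]
    amount = int(args[64:128], 16)  # raw token units, before decimals
    reasons = []
    if spender not in {s.lower() for s in trusted_spenders}:
        reasons.append("spender not in trusted list")
    if amount == MAX_UINT256:
        reasons.append("unlimited allowance")
    return {"method": method, "spender": spender,
            "amount": amount, "reasons": reasons}


def encode_call(selector, spender, amount):
    """Build calldata for the constructed samples below."""
    return "0x" + selector + spender[2:].lower().rjust(64, "0") + format(amount, "064x")


# Constructed sample values, not taken from the incident.
UNKNOWN_SPENDER = "0x" + "ab" * 20
KNOWN_ROUTER = "0x" + "cd" * 20

if __name__ == "__main__":
    tx = encode_call("39509351", UNKNOWN_SPENDER, MAX_UINT256)
    print(inspect_calldata(tx, trusted_spenders=[KNOWN_ROUTER]))
```

A non-empty `reasons` list is the signal to stop and verify the spender before signing; an existing grant can be withdrawn by setting the allowance back to zero.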