An unfortunate crypto investor has fallen prey to a sophisticated phishing attack on the Ethereum network, resulting in staggering losses exceeding $180,000 in USD Coin (USDC) and ANDY, a newly minted meme coin inspired by the infamous Pepe.
According to data extracted from Etherscan, the assault unfolded on April 23 within a harrowing span of just under one hour, commencing at 05:39 and concluding at 06:29 UTC.
The gravity of the situation was underscored by a distress signal broadcasted by PeckShieldAlert, a vigilant crypto watchdog, confirming the plunder of approximately 1.6 billion ANDY tokens, equivalent to a hefty $162,400, alongside an additional 17,913 USDC.
The assailants orchestrated a multi-call phishing manoeuvre, ingeniously bundling disparate function calls into a single transaction, thereby obscuring their malevolent intent.
Although each call might appear innocuous in isolation, collectively, they wrought havoc upon the victim’s digital wealth.
The nefarious actors swiftly siphoned funds from the victim’s wallet into several shadowy addresses under their control, some of which were promptly flagged as phishing hotspots by Etherscan.
The aftermath was grim: an emptied account, reduced to a mere $32 valuation in Ethereum (ETH) and Arbitrum (ARB).
While one of the malefactor’s addresses clung to the spoils, the other swiftly converted the pilfered ANDY tokens into Wrapped Ethereum (WETH) via Uniswap before promptly dispatching them to a fresh enclave.
The mode of operation of such assaults typically revolves around exploiting unsuspecting users’ interactions with smart contracts.
These devious contracts masquerade as legitimate DeFi operations, such as token swaps, while clandestinely facilitating the transfer of the victim’s assets into the hands of the attackers.
This incident echoes a similar incident last month, where a whopping $674,000 in USDC evaporated into the void following a comparable phishing ploy. The ill-gotten gains were promptly laundered through the Ox protocol, adding to the mounting toll exacted by these nefarious schemes.
Against the backdrop of an escalating epidemic of phishing assaults, a disconcerting report surfaced, documenting the distressing plight of over 57,000 crypto enthusiasts who collectively haemorrhaged a staggering $46 million to such insidious attacks in February alone.