Scammers in the cryptocurrency ecosystem have executed a series of phishing attacks, targeting users of major Web3 companies such as Cointelegraph, WalletConnect, and Token Terminal. Cryptocurrency investigator ZachXBT recently flagged a multichain address on his Telegram channel, revealing that the attackers have successfully stolen over $580,000 in cryptocurrency through a sophisticated phishing email campaign.
The scammers mimic the email addresses of reputable companies in the crypto space, leaving victims unsuspecting. The stolen funds, now residing in a multichain wallet, comprise 280 different cryptocurrency tokens. Notably, 86% of the wallet’s value is in Ether, totaling 227 ETH at the time of reporting.
WalletConnect, a key player in the Web3 space, issued a warning on X (formerly Twitter), cautioning users about the phishing email that prompts recipients to click on a malicious airdrop link. This highlights the gravity of the situation and the importance of vigilance among users.
The phishing spree extends beyond major companies, targeting users of Web3 SocialFi and the antivirus app De.Fi. Victims receive emails promoting a launchpad launch, coupled with a link to a purported airdrop. Additionally, attackers announced a fake Token Terminal beta launch, complete with a button enticing users to claim a fake airdrop.
One alarming aspect of this phishing email campaign is the nature of the attackers’ email addresses from the legitimate addresses of the targeted companies. This level of sophistication has contributed to the success of the scam, leaving users vulnerable to fraudulent activities.
Investors are urged to exercise caution and skepticism when encountering unexpected airdrop announcements in their emails. The ongoing phishing attack serves as a stark reminder of the constant threat faced by the cryptocurrency community and the need for robust security measures.
As the investigation unfolds, users must stay informed and remain vigilant against phishing attempts. The theft of over $580,000 in cryptocurrency highlights the urgency for companies and users alike to bolster their cybersecurity practices to mitigate such risks in the evolving landscape of digital assets.
A significant phishing attack in the cryptocurrency realm resulted in a notable financial loss. The individual, identified by the wallet address 0x1749, was at the end of the theft of $4.20 million in assets, specifically in aEthWETH and aEthUNI. Scam Sniffer, a Web3 scam detection service, promptly reported this incident on January 22, a mere 40 minutes after its occurrence.
