A recent phishing attack on Ethereum resulted in a cryptocurrency investor losing over $180,000 in USD Coin (USDC) and ANDY tokens. The attack took place on April 23 over the course of an hour, from 05:39 to 06:29 UTC.
The attack involved multiple function calls combined into a single transaction, deceiving the victim into unknowingly transferring their assets to the hackers. The victim lost over 1.6 billion ANDY tokens, valued at $162,400, and 17,913 USDC tokens. The attackers swiftly moved the stolen assets to various wallets, with some already flagged as phishing wallets by Etherscan.
As a result, the victim’s account was left with only $32 worth of Ethereum (ETH) and Arbitrum (ARB). The attackers quickly swapped the ANDY tokens for WETH on Uniswap and transferred the funds to a new address.
Phishing attacks like these exploit users’ interactions with smart contracts, where malicious actors create deceptive contracts that appear to be conducting standard DeFi operations. These transactions include hidden calls that approve the transfer of the user’s tokens to the attacker.
This incident is part of a growing trend of phishing attacks in the crypto space. In February alone, over 57,000 crypto users lost $46 million to similar schemes. Stay vigilant and protect your assets from potential threats.
Remember to always verify the authenticity of transactions and be cautious when interacting with smart contracts. Stay informed about the latest security threats in the crypto world to safeguard your investments.