A cryptocurrency investor recently fell victim to a sophisticated phishing attack on the Ethereum blockchain, leading to a substantial financial loss. The attack occurred on April 23, lasting nearly one hour from 05:39 to 06:29 UTC. The hackers employed a multi-call phishing technique, which involves combining multiple function calls into a single transaction. This method can appear benign when the individual calls are viewed separately, but when combined, they enabled the unauthorized transfer of significant amounts of cryptocurrency from the victim’s wallet.
In total, the victim lost over $180,000 in cryptocurrency, including 1.6 billion ANDY tokens and 17,913 USDC (USD Coin). The ANDY tokens alone accounted for approximately $162,400 of the loss, underscoring the magnitude of the attack. The transaction data, as revealed by Etherscan, showed that the stolen funds were transferred to multiple wallets associated with the attackers, some of which had already been identified as phishing wallets.
Following the theft, the attackers swiftly converted all the stolen ANDY tokens to Wrapped Ethereum (WETH) via the Uniswap platform, and then moved these funds to a new address. This rapid movement of funds across different cryptocurrencies and platforms is a common tactic used by cybercriminals to obscure the trail and hinder tracking efforts. One of the attacker’s wallets retained the stolen USDC, illustrating a strategic dispersion of the looted assets.
This incident is part of a growing trend of phishing attacks within the cryptocurrency sector. Crypto.news noted a similar attack last month where victims lost $674,000 in USDC. These attacks exploit the interactions of users with smart contracts, which, while appearing to perform standard decentralized finance (DeFi) operations like token swapping, actually contain embedded functions that transfer user tokens to the attacker. Amidst this rise in crypto-related crime, a recent report highlighted that over 57,000 crypto users lost a combined total of $46 million to phishing attacks in just one month, emphasizing the critical need for enhanced security measures and user awareness in the crypto community.
