Unknowingly, one unlucky crypto owner recently fell for a staggering $4.46 million phishing fraud .
Etherscan records indicate that someone moved $4.46 million worth of Tether (USDT) from a Kraken crypto exchange wallet to an address ending in “ACa7.”
PeckShield, a blockchain security company, has identified the address as belonging to a phishing fraudster.
On September 20, Scam Sniffer, a blockchain scam platform, said that the funds moved to an address connected to a “fake Coinone crypto mining exchange.”
According to a Dune Analytics dashboard that Scam Sniffer connected to, scammers have used similar tactics to steal a total of $337.1 million USDT from as many as 21,953 victims.
The Global Anti-Scam Organisation reports that scammers frequently deceive victims into granting approval for limitless withdrawals from their cryptocurrency wallets in this particular approval mining scam.
“When you create a self-custody crypto wallet […] you obtain a ‘private key’ that is safeguarded through encryption.Set featured image However, the fraudsters do not need your seed phrase,” GASO explains and adds that when a victim clicks to participate in the phoney mining pool, they’re clicking on a button that will require a $10–$50 network charge in Ether ETH. The fraudsters, however, do not need your seed phrase.
GASO says :
“This is merely a front to obtain your digitally signed authorization, allowing unlimited access to your wallet via the USDT smart contract.”
A type of crypto scam, known as phishing, tricks people into revealing their private keys or personal information. Scammers often pretend to be a trusted company or individual to gain the victim’s confidence. Once they deceive the victim, the attacker uses the stolen information to steal their bitcoin funds.
As online criminals and cyberattackers become more adept, phishing scams are on the rise. Many of these scams target cryptocurrency wallets, exchanges, and ICOs. To protect themselves and their money, cryptocurrency users need to understand how these scams work.
An attacker will frequently begin a phishing assault by sending out a bulk email or text message to potential victims. Frequently, it will appear to be coming from a reliable source, like a wallet or bitcoin exchange.
The message typically contains a link to a fake website that closely resembles the legitimate one. The attacker (mis)uses the victim’s login information when they click the link and enter it to access their account.
By appealing to their sense of urgency or anxiety, phishing attempts convince their victim to take action. For instance, a message can assert that the victim’s account is having an issue and that they need to check in right away to fix it. Others will make an airdrop or phoney bounty offer in an effort to lure victims.
Some attackers go as far as feigning concern by issuing warnings about “suspicious activity” to account owners, aiming to deceive them into entering their login information on a fake website.