- A Web3 user lost $55 million in a phishing attack, exploiting vulnerabilities amid market volatility and uncertainty.
- Operating under the alias Fake_Phishing187019, the attacker minted 55,473,618 Dai tokens and laundered the stolen funds through various channels.
- $36 million was transferred to one address, $17.5 million to CoW Protocol, and stolen assets were converted to Wrapped ETH and BTC via Uniswap V3.
In a stunning blow to the crypto industry, a Web3 user has fallen prey to a phishing attack that can bring the biggest loss of $55 million. The attacker’s audacious move unfolded amidst ongoing crypto market volatility and midterm uncertainty, exposing vulnerabilities in the Web3 space.
According to a deep dive by Certik Alert, the attacker, operating under the pseudonym Fake_Phishing187019, exploited the system by minting a jaw-dropping 55,473,618 Dai tokens. The attacker then launched a rapid laundering process, channeling the filched funds through a number of entities to obfuscate their source.
The attacker utilized the hacking method of penetration into externally owned accounts, EOA, which operates equally like ordinary bank accounts. These EOAs are safeguarded by a public key and a private key with the latter kept confidential to all parties except the owner.
Further investigation by Certik Alert showcases that the attacker has been quite careful in tucking away and dispersing the looted funds. Whereas $36 million was sent to a single address, another $17.5 million was routed to CoW protocol earlier today. The attacker then started converting the hijacked assets into Wrapped ETH and BTC by using Uniswap V3 to further obfuscate the trail.
Web3 Industry Faces Increasing Security Threats
Despite its rapid growth and development in business, the Web3 industry has still not been able to move out of the circle of security-related challenges. The attack brought into the limelight sophisticated tactics that are used to exploit weaknesses in Web3 platform security.
Certik Alert also reported that over $270 million has been lost across various Web3 projects due to hacks, exploits, and scams, with only $7.8 million being recovered in July. Notable incidents include the WazirX hack, which saw a loss of over $230 million as funds were funneled through Tornado Cash.
Adding to the recent turmoil, earlier this week saw the theft of 4,064 Bitcoins, valued at approximately $238 million, with the stolen funds quickly moving through platforms like THORChain, eXch, KuCoin, ChangeNow, Railgun, and Avalanche Bridge.
