A cryptocurrency enthusiast, known by the pseudonym “LeftsideEmiri” on the platform X, shared a harrowing account of a cyber attack on December 6, in which they lost a staggering sum of $300,000. The user detailed the incident in a thread as a social engineering attack, underscoring that they had not authorized or signed any transactions.
“Thought it would never happen to me, but it did,” LeftsideEmiri wrote, revealing the loss of $300,000 across several wallets. The incident, according to the victim, initiated with a direct message on the platform X that contained a KakaoTalk message link, a widespread platform for messaging, intended for a prospective partnership discussion.
The user, unsuspecting of any malicious intent, clicked on the link, which appeared non-responsive and harmless. However, they now suspect that the link harbored malware that infiltrated and compromised their digital wallets. Among the impacted wallets were an Ethereum address and a Solana address, along with several others that were simultaneously drained.
The alleged perpetrator, identified on X by the username “0xQwerky”, reportedly moved the pilfered funds to a wallet associated with BingX, a cryptocurrency exchange. LeftsideEmiri has since appealed to the exchange to step in and potentially aid in the recovery of the stolen assets.
The victim also implored for any assistance that the online community could offer. They further cautioned fellow cryptocurrency users against clicking on unsolicited job interview links or placing undue trust in unrequested messages on social platforms.
This incident coincides with a period when cybersecurity analysts are forecasting a surge in cryptocurrency phishing scams throughout December.
Web3 security firm, Scam Sniffer, reported that phishing attacks in November resulted in losses nearing $9.4 million, affecting over 9,200 investors. The firm highlighted a notable case involving a victim who lost $661,000 in stETH within minutes, characterizing it as the ‘tip of the iceberg.’
Scam Sniffer also cautioned that malicious blockchain signatures continue to pose the most significant threat to cryptocurrency users. Fraudsters employ these techniques to trick individuals into signing fraudulent transactions, thereby gaining unrestricted access to the victims’ wallets, leading to substantial financial losses.
In January 2024, a sophisticated phishing scam led to theft amounting to $4.2 million in aEthWETH and aEthUNI. The scammers exploited ERC-20 permissions to circumvent security alerts and access the victim’s funds. More recently, in October, a crypto investor lost 15,079 fwdETH, equating to approximately $36 million, in a permit phishing scam. Scam Sniffer reported that the malefactor deceived the individual into signing a malicious signature, giving them unhindered access to the investor’s funds.
