Blockchain security firm Scam Sniffer recently reported that a crypto whale’s address was drained of 15,079 fwDETH, valued at approximately $36 million, in a phishing scam. Data from Arkham Intelligence suggests that the phished address may be affiliated with venture firm Continue Capital, though the firm has yet to address the incident. Yu Xian, founder of SlowMist, connected the attack to the Angel Drainer phishing group, known for offering “draining-as-a-service” (DAAS) tools to scammers. These services contributed to the theft of $295 million from 324,000 victims in 2023, making phishing scams a persistent issue in the crypto sector. In the third quarter of 2024, such attacks reportedly caused losses of around $126 million.
The phishing scam led to significant disruption in DeFi markets as DETH, an asset meant to maintain a 1:1 exchange rate with ETH, underwent depegging. The attacker swiftly exchanged the stolen DETH for ETH through a decentralized exchange, but due to insufficient liquidity in the DETH pool, only 2,288 ETH was received out of the 14,079 DETH sold. This action caused a major decoupling between DETH and WETH, resulting in an 85% drop in the value of the stolen assets from $35.98 million to $5.5 million. Decentralized trading platform Duo Exchange acknowledged the phishing attack on Oct. 11, reassuring users that its protocols remained secure and fully operational while stating, “Over 10k DETH was dumped on AMMs to cause a depeg of DETH price.”
As a result of the phishing attack, the total value of assets locked on Duo Exchange plummeted from $103 million to $86 million within a single day, as per DeFillama data. This incident serves as a reminder of the risks associated with phishing scams in the crypto sector and highlights the importance of robust security measures to protect assets and investments. The involvement of known phishing groups like Angel Drainer underscores the sophistication and organization of cybercriminal activities targeting crypto users. As the industry continues to expand and evolve, addressing cybersecurity threats and vulnerabilities will be crucial to maintaining trust and confidence within the crypto community. Collaborative efforts between security firms, exchanges, and regulators will be essential in combating such attacks and safeguarding the integrity of blockchain technology and digital assets.
