DeFi user loses $3.4 million of GMX tokens in phishing attack
Quick Take
- A DeFi user lost $3.4 million of GMX tokens in an apparent phishing attack.
- Security analysts say a malicious actor was able to dupe the user into approving a malicious transaction.
An anonymous DeFi user fell victim to a phishing attack and lost $3.4 million in GMX, the native token of decentralized trading protocol GMX. The tokens were then sold on the open market.
An administrator of GMX's Telegram group confirmed the phishing incident, making it clear that the incident had nothing to do with any security issues on the GMX platform itself. When asked how they knew for certain that a hack had occurred, a moderator in the group said the team was in direct contact with the victim of the attack.
On-chain data show that the attacker started taking out funds from the victim's wallet at 7 pm UTC on Jan. 3. The attacker sent out GMX worth about $3.4 million to another address and swapped them for ether, security analysts PeckShield estimated. These stolen funds were bridged onto the Ethereum mainnet at an address believed to be owned by the hacker.
Such phishing attacks becoming increasingly common in the crypto space. They are also a major concern because signing only one malicious signature may result in the loss of all assets stored in a wallet. Earlier today, a hacker stole about $175,000 in NFTs in a phishing attack targeting Nikhil Gopalani, the chief operating officer at RTFKT, while another crypto user lost four CryptoPunk NFTs worth more than $330,000.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
