Crypto whale loses over $32 million in apparent phishing attack

Quick Take

  • A crypto whale has lost over $32 million worth of spark wrapped ether tokens (spWETH) after apparently signing a malicious transaction, as first spotted by ScamSniffer.
  • The exploit was seemingly powered by the infamous Inferno Drainer scam-as-a-service software, which targets crypto traders by spoofing popular DeFi protocols in order to trick users into signing over control of their wallets. 

A crypto whale appears to have lost over $32 million worth of tokens after signing a malicious transaction, blockchain security service ScamSniffer first noted in a post on X. 

The loss came in the form of wrapped ether tokens from the decentralized finance (DeFi) protocol Spark. The 12,083 spWETH tokens drained from the wallet are worth about $32.4 million at current value. 

The malicious transaction was powered by the Inferno Drainer scam-as-a-service, according to blockchain intelligence firm Arkham. The Inferno Drainer, which targets users with spoofed versions of popular DeFi applications in an attempt to trick those users into signing over control of their wallets, has stolen over $215 million from over 200,000 victims across its lifetime, according to a Dune Analytics dashboard built by ScamSniffer. 

Inferno's operators reportedly take a 20% commission on stolen tokens. Though the service was originally shut down by its developers in November 2023, it made a return in May of this year, calling the service "better than ever" with "new staff, new ways to work, new support, and new features." The scam service claims to support 28 different blockchains and hundreds of different DeFi apps. 

The identity of the phished individual has yet to be confirmed; however, blockchain sleuth ZachXBT spotted large transactions connecting the wallet with a whale known as CZSamSun (not to be confused with X user @samczsun, a researcher at VC firm Paradigm). 

A blockchain message sent from the victim's wallet purportedly offered a 20% reward for the return of the funds, though a reply has yet to appear from the alleged scammer. 

"To avoid being phished, please do not click on any unknown links and do not sign any unknown signatures. Always double-check when signing signatures," analytics firm LookOnChain posted on X


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Zack Abrams is a writer and editor based in Brooklyn, New York. Before coming to The Block, he was the Head Writer at Coinage, a Web3 media outlet covering the biggest stories in Web3. The story he co-reported on Do Kwon won a 2022 Best in Business Journalism award from SABEW. Other projects included a deep dive into SBF's defense based on exclusive documents and unveiling the identity of the hacker behind one of 2023's biggest crypto hacks — so far. He can be reached via X @zackdabrams or email, [email protected].