简体中文
繁體中文
English
Pусский
日本語
ภาษาไทย
Tiếng Việt
Bahasa Indonesia
Español
हिन्दी
Filippiiniläinen
Français
Deutsch
Português
Türkçe
한국어
العربية
Abstract:On 12th November, a crypto investor fell victim to a sophisticated phishing attack, losing $6 million worth of GigaChad (GIGA) tokens.
A crypto investor recently fell victim to a sophisticated phishing attack, losing $6 million worth of GigaChad (GIGA) tokens. This incident, which occurred on November 12, underscores the increasing risks of social engineering in the cryptocurrency space. The victim, known by the online alias “Still in the Game,” was targeted through a fraudulent Zoom link that appeared legitimate but was subtly altered to deceive the user.
The phishing attack began when the victim received what seemed to be a legitimate Zoom invitation. However, the link contained a minor but crucial variation in the URL, which redirected the user to a fake website designed to capture their wallet information. Once the hacker gained access to the victims wallet, they transferred 95.3 million GIGA tokens, equivalent to approximately $6.09 million.
On-chain analysis conducted by Scam Sniffer and Onchain Lens traced the stolen tokens as they were converted into more liquid assets. The hacker converted the GIGA tokens into 11,759 SOL (worth $2.1 million) and subsequently into stablecoins such as USDT and USDC. This conversion made it more difficult to trace and recover the stolen assets, as they were now spread across various wallets, including some on the KuCoin exchange.
The phishing attack was a stark reminder of how even a slight variation in a URL can mislead users and enable hackers to deploy malware that steals sensitive credentials. Scam Sniffer‘s analysis revealed the crucial difference in the fraudulent link—“us04-zoom[.]us” instead of the legitimate “us02web.zoom[.]us.” This small but costly mistake was enough to allow the hacker to access the victim’s crypto wallet.
Following the attack, the victim reported the incident to the FBI and engaged a forensic team to attempt to trace the stolen assets. However, given the pseudonymous nature of blockchain transactions and the fact that the funds were dispersed across multiple wallets, recovering the assets is expected to be a challenging task.
This attack is part of a growing trend of phishing scams within the cryptocurrency industry. In the fourth quarter of 2024 alone, over $60 million has been lost to phishing attacks. Scammers are increasingly using fake links, fraudulent signatures, and impersonation tactics to trick victims. In October 2024, a crypto venture capital fund was also targeted, resulting in the loss of $36 million worth of fwDETH tokens.
Phishing attacks in the cryptocurrency sector are becoming more frequent and sophisticated. According to CertiK, a cybersecurity firm, $753 million was lost to fraud in the third quarter of 2024, with phishing accounting for $127 million of that total. Crypto is now one of the most targeted sectors for identity fraud, second only to traditional financial industries.
To mitigate the risks of phishing and other cyber threats, crypto investors are advised to adopt several best practices. First and foremost, they should always verify the authenticity of URLs, especially those from unknown or unsolicited sources, to ensure they are not falling victim to fraudulent websites. Enabling Multi-Factor Authentication (MFA) is another crucial step, as it adds an extra layer of security beyond just relying on passwords. Additionally, investors should consider using hardware wallets, which are offline and significantly less vulnerable to online breaches compared to online wallets. Finally, exercising caution with emails and links is essential; investors should be particularly wary of unsolicited emails that create a sense of urgency or request personal information, as these are often tactics used by cybercriminals to deceive their targets. By following these best practices, investors can better protect themselves against the growing threat of cybercrime in the crypto space.
Disclaimer:
The views in this article only represent the author's personal views, and do not constitute investment advice on this platform. This platform does not guarantee the accuracy, completeness and timeliness of the information in the article, and will not be liable for any loss caused by the use of or reliance on the information in the article.
Malaysian influencer Hu Chang Mun, widely known as Ady Hu, has been detained in Taiwan for his alleged involvement in a fraudulent operation. The 31-year-old, who was reported missing earlier in December, was located by Taiwanese authorities after suspicions arose regarding his activities.
Authorities in Thailand have apprehended a Malaysian man and his Thai wife for their alleged involvement in a series of fraudulent investment schemes that inflicted financial damage amounting to 800 million baht.
In the first 11 months of 2024, Malaysia recorded 5,685 investment scams, with Telegram emerging as the most commonly used platform for fraudulent activities.
Discover the pros and cons of unregulated forex brokers, explore risks, benefits, and key features, and learn how to evaluate their credibility with the WikiFX app.