Someone lost (yet another) millions of dollars worth of funds to a phishing attack while using decentralized finance (DeFi). This is a common mistake among users, affecting even investors with advanced knowledge if using cryptocurrencies that facilitate these attacks.

In this most recent event, the Ethereum address ‘0xAA1582084c4f588eF9BE86F5eA1a919F86A3eE57‘ lost 12,083.6 spEWTH, worth $32.33 million. Ethereum’s blockchain registered the transaction to two addresses labeled “Fake Phishing” on September 28 at 6:15 a.m. UTC.

Finbold consulted the Arkham Intelligence database, which suggests the address belongs to Shixing Mao, also known as DiscusFish on X. Right now, it still holds $8.25 million worth of tokens, of which $2.85 million are in DAI stablecoin.

Notably, Shixing Mao is an experienced crypto executive and co-founder of F2Pool and Cobo. If this address truly belongs to Mao, it is yet another cautionary tale about how even experts can fall victim to such attacks – urging the need to find universal solutions to avoid similar events.

0xAA1582084c4f588eF9BE86F5eA1a919F86A3eE57 transaction on EtherScan (up) and balance on Arkham Intelligence (down).

1 in 7 crypto investors were victims of Phishing

A survey from WalletConnect shows that nearly one in every seven cryptocurrency users has fallen victim to a Phishing attack. According to WalletConnect, 14.4% of respondents said, “Yes, I have lost crypto due to a phishing attack or scam.”

Survey: “Have you ever lost crypto due to phishing or hacks?” Source: WalletConnect

Accounts on X have reported some of the big numbers crypto investors lost while interacting with malicious contracts or addresses. A recent example involves Scam Sniffer‘s report on July 23 of a $4.69 million loss of Pendle (PENDLE) re-staking tokens.

Also, the $55 million DAI loss to a phishing attack Lookonchain reported on August 21, urging users to double-check transactions. In the first half of 2024, Scam Sniffer identified over $314 million stolen across Ethereum Virtual Machine (EVM) chains.

🧵 [1/8] 🚨 ScamSniffer Mid-Year Phishing Report 🚨
In H1 2024, 260k victims lost $314M across EVM chains. 😱 20 people lost over $1M each, totaling $58M.

Compared to $295M stolen last year, this year hit that in just 6 months! 📈 pic.twitter.com/S1X3p3Ujj0

— Scam Sniffer | Web3 Anti-Scam (@realScamSniffer) July 5, 2024

On Finbold, we have reported plenty of these cases. Namely related to the TON ecosystem, Tether freezing suspicious activity, and the attacker who returned stolen wBTC.

Yet, these are only part of a broader issue that costs users worldwide millions of dollars. Surprisingly, newer but less popular technologies and crypto protocols are already partially mitigating this issue.

How to avoid phishing attacks and wallet drains on DeFi?

Essentially, most of these attacks are due to human error, exploited in different ways. For example, connecting a wallet to a malicious application or signing a malicious permission or transaction.

The most natural way to avoid falling victim to a phishing attack or wallet drain is to double-check websites and understand what you are signing up for, literally. For that, users can prioritize wallets and protocols with easily readable transaction signing, disclosing the action in detail.

However, more advanced technologies have already developed built-in solutions for crypto protocols that help prevent human errors, focusing on security.

Native assets prevent phishing and wallet drains

Popular blockchains like Ethereum (ETH), BNB Chain (BNB), Solana (SOL), Tron (TRX), Avalanche (AVAX), Algorand (ALGO), and Near (NEAR) all use a model where tokens work differently from their native assets, functioning through smart contract calls that require a previous special permission to move the funds.

Dave, also known as DBCrypto, commented about this model with Finbold.

“The smart contract-based token model found on Ethereum, L2’s, and EVM chains is not only inefficient but also insecure, delaying Web3 adoption.”

– Dave (DBCrypto)

4/ These “tokens” are just pieces of data in a smart contract that have a hash saying you have claim to them

But they aren’t in your possession or in your wallet

Let’s look at an example…

Have you ever wondered why all your #ETH NFTs don’t show in your wallet sometimes?

— DBCrypto⚡️ (@DBCrypt0) December 7, 2023

On the other hand, chains like Cardano (ADA), Sui (SUI), MultiversX (EGLD), and Radix (XRD) use a native-asset token model. In this model, all tokens behave as native assets within the protocol, not requiring database permissions that can be exploited. Users need to sign every transaction to move tokens in their ownership, creating another layer of security.

Interestingly, users can now benefit as developers take a more careful look toward security concerns, phishing attacks, and token models. At one point, investors will inevitably need to choose whether they accept the old standards or migrate to the newer ones in the competitive and innovative free market that is crypto.

The post Crypto investor loses $32 million in common mistake – How to avoid it? appeared first on Finbold.

By

Leave a Reply

Your email address will not be published. Required fields are marked *