A cryptocurrency investor recently fell victim to a phishing attack on Ethereum, losing over $180,000 in USD Coin (USDC) and ANDY, a newly launched meme coin inspired by Pepe. Data from Etherscan reveals that the attack occurred on April 23.
Transaction data shows that the criminals carried out a phishing attack by combining several function calls into one single transaction. Although these calls seem harmless individually, when combined, they enable a harmful action.
The multiple calls triggered outflows from the victim’s address to several wallets belonging to the hackers, some of which Etherscan had already identified as phishing wallets. In total, the victim lost over 1.6 billion ANDY tokens, worth $162,400 and 17,913 USDC.
The attack emptied the victim’s account, leaving behind only $32 worth of Ethereum (ETH) and Arbitrum (ARB). One attacker’s address held onto the loot, while the second, which received all the ANDY tokens, immediately swapped them for WETH on Uniswap and then moved the WETH to a new address.
The attack likely exploited the victim’s interactions with smart contracts. Malicious actors often create contracts that appear to perform standard DeFi operations but embed calls that approve the transfer of the user’s tokens to the attacker.
Such phishing attacks are on the rise, with reports indicating that in February alone, around 57,000 crypto enthusiasts suffered losses amounting to a staggering $46 million due to these tactics.
Also Read: Velvet Capital Went Offline To Stop Phishing Attack.
