<img src="https://crypto.news/app/uploads/2023/12/crypto-news-hacker-watch-on-his-laptop-blue-flame-on-the-screen-matrix-blue-program-code-Decentralization-blockchain-system-background01.webp” />
An investor just fell victim to a phishing attack and lost over $101,000 worth of multiple cryptocurrencies across multiple blockchains.
According to Blockchain security firm PeckShield, the address lost more than 237.8 billion OSAK worth $66,682 from the defi project's Osaka Protocol, and 287 billion CAW tokens valued at $26,490.
<figure class="wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter“/>
Additionally, 213 HIGH worth $938 and 426 USDT were stolen on the ethereum network. Other assets acquired include 3,000 USDC on BNB Chain, including 0.5 PENDLE and 0.1 WBTC on Arbitrum. At the time of writing, the address still contains $7,000 in crypto assets.
the exploiter ADDRESS still has assets stolen at last check, with a balance of approximately $220,000 across multiple chains. The attackers exploited the victim by implementing a multi-call function, which allows multiple smart contract functions to be executed in a single transaction.
Hackers take advantage of this by tricking users into signing transactions that appear legitimate but actually include malicious multi-call features. The code allows the malicious actor to transfer funds or interact with contracts without the intended consent of the user, resulting in the loss of assets.
This year, the crypto space has experienced several phishing attacks, albeit with reduced frequency. Recently, an unidentified market participant fell victim to such a scam, resulting in a substantial loss of over $674,000 in USDC, highlighting the ongoing threat of these fraudulent schemes.
Additionally, this incident mirrors similar phishing attacks reported earlier this month, where a victim lost $145,000 worth of nfts on Bored Ape Yacht Club (BAYC). In that case, three BAYC nfts were stolen.
In another incident reported in April 2024, a trader lost over $180,000 worth of USDC and Andy tokens. The attackers employed a similar multi-call tactic, combining multiple function calls into a single transaction, resulting in outflows of money from the victim's address to multiple wallets controlled by the hackers.
