Investor Loses $180k in USDC and ANDY to Phishing Attack

A cryptocurrency investor recently became the victim of a phishing attack on the Ethereum network, resulting in a loss of over $180,000 in USD Coin (USDC) and ANDY, a newly launched meme coin inspired by Pepe.

The attack, which took place on April 23 within a span of nearly one hour, between 05:39 and 06:29 UTC, was executed through a multi-call phishing strategy. This approach combines multiple function calls into a single transaction: each call appears benign when viewed individually, but together they constitute a malicious action.

Transaction data revealed that the attackers siphoned funds from the victim’s address to multiple wallets under their control, with some of these wallets already flagged as phishing wallets by Etherscan. The victim lost over 1.6 billion ANDY tokens valued at $162,400 and 17,913 USDC in total.

The attack emptied the victim’s account, leaving only $32 worth of Ethereum (ETH) and Arbitrum (ARB). One of the attacker’s addresses retained the stolen assets, while the second swiftly swapped all the ANDY tokens for Wrapped Ethereum (WETH) on Uniswap before transferring the WETH to a new address.

This type of attack typically exploits the victim’s interactions with smart contracts. Malicious actors often create contracts disguised as standard DeFi operations, embedding calls within transactions that facilitate the unauthorized transfer of the victim’s tokens to the attacker.
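A wallet-side check for the pattern described above, as an added example that is not part of the original article: it decodes each inner call of a batch and reports token transfers or approvals whose beneficiary is outside the signer's trusted set. The (target, calldata) batch format, the trusted-address set and every address are assumptions constructed for illustration.

```python
# Added example; every address and calldata value below is constructed.
SELECTORS = {  # standard ERC-20/ERC-721 selectors -> (name, argument layout)
    "a9059cbb": ("transfer", ("to", "amount")),
    "095ea7b3": ("approve", ("to", "amount")),            # to = spender
    "23b872dd": ("transferFrom", ("from", "to", "amount")),
    "a22cb465": ("setApprovalForAll", ("to", "amount")),  # to = operator, amount = bool
}

def decode_call(calldata_hex):
    """Decode one inner call into (name, args); None if it is not a token call."""
    data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    entry = SELECTORS.get(data[:4].hex())
    if entry is None:
        return None
    name, fields = entry
    if len(data) < 4 + 32 * len(fields):
        raise ValueError("truncated calldata for " + name)
    args = {}
    for i, field in enumerate(fields):
        word = data[4 + 32 * i: 36 + 32 * i]  # address = low 20 bytes of the word
        args[field] = int.from_bytes(word, "big") if field == "amount" else "0x" + word[12:].hex()
    return name, args

def review_batch(signer, trusted, calls):
    """Return inner calls that send or delegate tokens to an untrusted address."""
    # Assumption: each inner call is treated as acting with the signer's authority.
    trusted = {a.lower() for a in trusted} | {signer.lower()}
    findings = []
    for index, (token, calldata) in enumerate(calls):
        if (decoded := decode_call(calldata)) is None:
            continue  # not a recognised token call
        name, args = decoded
        if args["amount"] == 0:  # zero amount or approved=false grants nothing
            continue
        if name == "transferFrom" and args["from"].lower() != signer.lower():
            continue  # moves another holder's balance, not the signer's
        if args["to"].lower() not in trusted:
            findings.append((index, token, name, args["to"], args["amount"]))
    return findings

def encode(selector, *words):  # builds sample calldata from hex addresses and ints
    ints = [int(w, 16) if isinstance(w, str) else w for w in words]
    return "0x" + selector + "".join(i.to_bytes(32, "big").hex() for i in ints)

SIGNER, ROUTER, TOKEN = "0x" + "11" * 20, "0x" + "cc" * 20, "0x" + "01" * 20
DRAIN_A, DRAIN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
BATCH = [(TOKEN, encode("095ea7b3", ROUTER, 10**6)),              # trusted spender
         (TOKEN, encode("23b872dd", SIGNER, DRAIN_A, 5000 * 10**6)),
         (TOKEN, encode("095ea7b3", DRAIN_B, 2**256 - 1)), (ROUTER, "0x12345678")]
```

Calling `review_batch(SIGNER, {ROUTER}, BATCH)` reports the transfer to `DRAIN_A` and the unlimited approval to `DRAIN_B`, while the approval to the trusted router and the unrecognised call pass through.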

This incident follows a similar attack last month, in which $674,000 in USDC was lost to phishing. The perpetrators promptly liquidated the assets via the 0x protocol. Such schemes are becoming more prevalent: a recent report disclosed that over 57,000 crypto users lost $46 million to phishing attacks in February alone.

