A new crypto scam has been uncovered that has resulted in the theft of over $5.9 million from unsuspecting victims.
The scam, which utilizes a phishing exploit known as Permit2, has been linked to over 689 phishing websites created since March 27.
The scam was discovered after a Twitter user who goes by the name of 0xSaiyanGod, also known for their interest in security matters, stumbled upon a promoter of the scam service while browsing the Scam Sniffer Telegram channel. Upon reporting the scammer to the channel, the security service initiated an investigation.
Scam Sniffer then uncovered a screenshot evidencing a $103,000 transaction made through a phishing scam that utilized a Permit2 exploit, which takes advantage of a simplified version of the token approval process.
With the transaction hash in hand, the Scam Sniffer team went on to search for the exploiter’s address, which was eventually discovered.
The address was linked to over 689 phishing websites created since March 27, amounting to more than $5.9 million stolen across various networks, including Ethereum, Arbitrum, Polygon, and BNB Chain. The report further noted that one of the biggest victims has lost $400,000 worth of assets.
“By analyzing the on-chain funds’ collection addresses, it is estimated that there were approximately 1,699 ETH stolen and distributed among these 5 large addresses,” the report said, adding that they keep around 300 to 400 ETH in each address.
Crypto Scams and Hacks Continue to Take Victims
The recent scam is just the latest in a string of crypto scams and hacks that have plagued the industry in recent months.
In April alone, over $103 million of funds were stolen from unsuspecting investors and projects. Some of the more notable hacks in the month include the loss of $25.4 million due to the exploit of MEV trading bots, $22 million stolen in a hot wallet exploit from Bitrue exchange, and the hack of South Korean GDAC exchange leading to a loss of $13 million, according to a report by crypto security and auditing company Certik.
Furthermore, around $74.5 million was lost to crypto and DeFi exploits in April, making up half of the total $145 million exploited in the first four months of the year.
The increasing number of crypto scams and hacks is a major concern for the industry. As the value of cryptocurrency continues to grow, so too does the incentive for criminals to target the industry. It is important for investors to be aware of the risks and to take steps to protect themselves from scams and hacks.