Early this AM a single victim lost about 6.28M from a phishing scam. This might be the single biggest TVL from a wallet drainer this year. This appears to be the work of Inferno/Angel Drainer.

Wallets

How did this Scam Happen?

Most of these phishing scams tend to take place when a user mistakenly interacts with a malicious contract or website. In recent times, I've seen a lot of fake websites pop up on the Google Search portal where the user is tricked into giving token approval for their assets. The victim here is clearly a Whale; he may have been the victim of a "Spearphishing attack". The user lost all of their stETH and aEthWBTC, which represented the largest value tokens the user had in their wallet.

Following the Funds

There's been a lot of on-chain movement from when the funds were initially moved. Big hacks/scams like this tend to attract the attention of many cybersecurity professionals. Here's what I'm seeing so far. The funds continue to be laundered as I write this post. I'll focus on the information I have now. I'll go back and update if any more interesting activity takes place.

Angel/Inferno Drainer Admin

The Angel/Inferno ADMIN funds tend to get moved very methodically, UNLESS there's a big heist like this one. I'm showing most of the funds from the initial theft wallet of 0xa2e8Dfc32767f43611ABb43F66308E7Eb9C224F8 - Inferno/Angel ADMIN Wallet (about 1MM) is sitting in ETH here - 0xA0578383aCdcBAc22614d78aF73532fa40e8FEa8. There are other decentralized wallets with about 200K - 300K in ETH owned by the Inferno/Angel ADMIN as well. I marked those off in the chart below. A small portion of the funds, about 200K worth of ETH, were sent to 1inch a few hours for the next phase of the laundering process.

Angel/Inferno Customer

The bulk of the user's funds went to the Customer, about 80%. Customers of drainer platforms tend to want to launder funds as soon as possible. This particular Customer has been VERY busy since the beginning of the post. Here's the information I have so far. Most of the funds the Customer received are currently staked on LIDO in the form of stETH. The rest of the funds were laundered with various methods.

I'm showing about 110 ETH going directly to Tornado Cash, 83 ETH getting routed through Bridgers, and about 110 ETH through Near Intent. Some of the funds go to Bridgers/Near Intent then Tornado Cash. For example, the Near Intent outputs land in BTC here - bc1quzjv00c5vsalcst4dj0p8p2r5rwchat89aamwe, swapped back to ETH, then sent to Tornado Cash. Additionally, some of the funds end up on the TRON network landing in TRX here - TEuR8RSWJMHTCvYL77wmY17XXPzJfwD98f. Again, those funds go through another round of laundering.

I'll continue to update as more information comes in. Stay safe out there!

P.S. - I see you sent the other victim back his $600.
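
The post attributes these losses to users being tricked into giving token approval for their assets. As an added example (not part of the original post), the Python below decodes pending ERC-20 allowance call data offline and lists the traits that deserve a second look before signing. The function names, the allowlist parameter and the sample spender address are assumptions made for illustration.

```python
# Added example: offline review of ERC-20 allowance call data before signing.
MAX_UINT256 = 2**256 - 1
# Standard ERC-20 function selectors (first 4 bytes of the call data).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}

def decode_approval(calldata_hex):
    """Return (function, spender, amount), or None if not an allowance call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    func = SELECTORS.get(data[:8])
    if func is None:
        return None
    args = data[8:]
    if len(args) != 128:  # exactly two 32-byte ABI words are expected
        raise ValueError("malformed allowance call data")
    spender_word, amount_word = args[:64], args[64:]
    if spender_word[:24] != "0" * 24:  # an address is left-padded with zeros
        raise ValueError("spender word is not a clean 20-byte address")
    return func, "0x" + spender_word[24:], int(amount_word, 16)

def review_approval(calldata_hex, holder_balance, known_spenders):
    """List the reasons a pending approval deserves a second look."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return []
    func, spender, amount = decoded
    findings = []
    # known_spenders is a hypothetical allowlist the wallet owner maintains.
    if spender not in {s.lower() for s in known_spenders}:
        findings.append("spender %s is not on the allowlist" % spender)
    if amount == MAX_UINT256:
        findings.append("unlimited allowance requested")
    elif amount >= holder_balance > 0:
        findings.append("allowance covers the entire balance")
    return findings

# Constructed sample: approve(spender, max uint256) to a made-up spender.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE_CALLDATA = "0x095ea7b3" + "00" * 12 + "ab" * 20 + "ff" * 32

if __name__ == "__main__":
    for line in review_approval(SAMPLE_CALLDATA, 10**18, known_spenders=[]):
        print(line)
```
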
