An investor fell victim to a phishing attack and lost over $101,000 in multiple cryptocurrencies across multiple blockchains.
According to blockchain security firm PecShield, over 237.8 billion OSAK worth $66,682 and 287 billion CAW tokens worth $26,490 were lost from defi project Osaka Protocol to this address.
Additionally, 213 HIGH and 426 USDT worth $938 were stolen on the Ethereum network. Other assets acquired include 3,000 USDC on the BNB chain, including 0.5 PENDLE and 0.1 WBTC on Arbitrum. At the time of reporting, there was still $7,000 in crypto assets stored at this address.
The exploiter's address still held the stolen assets at the time of last check, boasting a balance of approximately $220,000 across multiple chains. The attacker exploited the victim by introducing a multi-call feature that allows multiple smart contract functions to be executed in one transaction.
Hackers exploit this to trick users into signing transactions that appear legitimate, but actually contain malicious multi-call functionality. This code allows malicious attackers to transfer funds or manipulate contracts without the user's intended consent, leading to loss of assets.
This year, the cryptocurrency industry has seen several phishing attacks, albeit less frequently. Recently, an unidentified market participant fell victim to such a scam, incurring significant losses of over $674,000 in USDC, highlighting the continuing threat of these fraudulent schemes.
Additionally, this incident mirrors a similar phishing attack reported earlier this month, in which the victim lost $145,000 worth of Bored Ape Yacht Club (BAYC) NFTs. Three BAYC NFTs were stolen in this incident.
In another incident reported in April 2024, a trader lost over $180,000 in USDC and Andy tokens. The attacker employed a similar multi-call tactic, where he combined multiple function calls into a single transaction, resulting in the exfiltration from the victim's address to multiple wallets controlled by the hacker.
