Holder of GigaChad Tokens Loses $6 Million in Phishing Attack

Posted by cryptonews Crypto News November 12, 2024 159 Views

A phony Zoom link was used in a phishing attack that cost a GigaChad token investor $6 million.

Another significant loss for a cryptocurrency holder due to social engineering techniques occurred recently when an investor in GigaChad (GIGA) tokens lost $6 million in a sophisticated phishing attack.

The hack was confirmed on November 12 and targeted the victim, known by the online pseudonym “Still in the Game,” through a fake Zoom link designed to steal wallet credentials.

This attack triggered an immediate sell-off of GIGA tokens and a noticeable market dip.

The hacker obtained unauthorized access to the investor’s wallet by taking advantage of a slight variation in the URL of a Zoom link that appeared to be authentic.

Once inside, the hacker was able to extract 95.3 million GIGA tokens and transform them into more liquid stablecoins, which made tracking and retrieval much more challenging, according to on-chain analysis by Scam Sniffer and Onchain Lens.

GigaChad Token Phishing Attack: How Hacker Stole $6M

When the victim, “Still in the Game,” clicked on what looked to be a typical Zoom meeting invite link, the phishing incident started.

Scam Sniffer, a blockchain security company, later found that the link, which was made to look like an official Zoom URL, actually led users to a malicious website.

This made it possible for the hacker to track transactions from the victim’s computer and gather private wallet information.

The hacker quickly liquidated the approximately $6.09 million worth of stolen GIGA tokens after gaining access.

Onchain Lens detailed how the attacker first converted the GIGA tokens into 11,759 Solana (SOL) tokens, valued at roughly $2.1 million, before further splitting the funds into Tether (USDT) and USD Coin (USDC) stablecoins.

Following that, these stablecoins were distributed among a number of wallet addresses, including a 700 SOL deposit into a KuCoin exchange wallet.

Hackers frequently employ this strategy. The hacker successfully hides the stolen money and evades quick detection by distributing the assets among several tokens and wallets.

A slight change to the URL, which is a strategy used to trick even wary users, was present in the phony Zoom link.

Scam Sniffer’s tweet on the matter pointed out how subtle differences in URLs can be a potent tool for hackers:

“Compare carefully: us04-zoom[.]us vs. us02web.zoom[.]us.”

This similarity is critical to the attack’s success. To prevent such incidents, users are urged to verify URLs from unknown sources before clicking them.

Growing Security Concerns Amid Ongoing Investigations

“Still in the Game” disclosed that he had enlisted the FBI and a forensic team to track down the stolen assets after the attack.

However, because of the pseudonymity of blockchain technology, asset recovery in cryptocurrency is still difficult.

This quarter’s losses are not the first. So far in Q4, phishing attacks have cost over $60 million.

Prior to this, a crypto venture capital fund associated with Continue Capital lost more than $36 million in wrapped Ethereum tokens (fwDETH) due to a phishing attack.

By taking advantage of a fake “permit” signature, the October 11 attack enabled users to sign transactions without actually touching their assets.

Similarly, on September 29, a whale also lost $32.4 million in spWETH tokens; another lost $55.4 million in Dai stablecoins in August.

According to CertiK, over $753 million was lost to fraud in Q3 2024, including $127 million in phishing, making crypto the second most targeted sector for identity fraud in Q2.

Tags: