
Crypto investor loses $32 million in common mistake – How to avoid it?


Someone has lost (yet another) millions of dollars' worth of funds to a phishing attack while using decentralized finance (DeFi). It is a common mistake among users, and it catches even investors with advanced knowledge when they use cryptocurrencies whose token model makes these attacks possible.

In this most recent event, the Ethereum address 0xAA1582084c4f588eF9BE86F5eA1a919F86A3eE57 lost 12,083.6 spEWTH, worth $32.33 million. Ethereum's blockchain registered the transaction to two addresses labeled "Fake Phishing" on September 28 at 6:15 a.m. UTC.

Finbold consulted the Arkham Intelligence database, which suggests the address belongs to Shixing Mao, also known as DiscusFish on X. Right now, it still holds $8.25 million worth of tokens, of which $2.85 million are in DAI stablecoin.

Notably, Shixing Mao is an experienced crypto executive and co-founder of F2Pool and Cobo. If this address truly belongs to Mao, it is yet another cautionary tale about how even experts can fall victim to such attacks, underscoring the need for universal solutions that prevent similar events.

Figure: 0xAA1582084c4f588eF9BE86F5eA1a919F86A3eE57 transaction on Etherscan (top) and balance on Arkham Intelligence (bottom).

1 in 7 crypto investors have been victims of phishing

A survey from WalletConnect shows that nearly one in every seven cryptocurrency users has fallen victim to a phishing attack. According to WalletConnect, 14.4% of respondents answered, "Yes, I have lost crypto due to a phishing attack or scam."

Survey: “Have you ever lost crypto due to phishing or hacks?” Source: WalletConnect

Accounts on X have reported some of the large sums crypto investors lost while interacting with malicious contracts or addresses. A recent example is Scam Sniffer's report on July 23 of a $4.69 million loss of Pendle (PENDLE) re-staking tokens.

Another is the $55 million DAI loss to a phishing attack that Lookonchain reported on August 21, urging users to double-check transactions. In the first half of 2024, Scam Sniffer identified over $314 million stolen across Ethereum Virtual Machine (EVM) chains.

On Finbold, we have reported plenty of these cases, including ones related to the TON ecosystem, Tether freezing suspicious activity, and an attacker who returned stolen wBTC.

Yet these are only part of a broader issue that costs users worldwide millions of dollars. Surprisingly, newer but less popular technologies and crypto protocols are already partially mitigating it.

How to avoid phishing attacks and wallet drains on DeFi?

Essentially, most of these attacks stem from human error, exploited in different ways: for example, connecting a wallet to a malicious application, or signing a malicious permission or transaction.

The most natural way to avoid falling victim to a phishing attack or wallet drain is to double-check websites and understand what you are signing up for, literally. For that, users can prioritize wallets and protocols with easily readable transaction signing that discloses the action in detail.

However, some newer technologies already build protections into the crypto protocol itself, helping prevent human error by design.

Native assets prevent phishing and wallet drains

Popular blockchains like Ethereum (ETH), BNB Chain (BNB), Solana (SOL), Tron (TRX), Avalanche (AVAX), and Near (NEAR) all use a model in which tokens work differently from the chain's native asset: they operate through smart contract calls that require a previously granted permission before the funds can be moved.

Dave, also known as DBCrypto, commented on this model to Finbold.

“The smart contract-based token model found on Ethereum, L2’s, and EVM chains is not only inefficient but also insecure, delaying Web3 adoption.”

– Dave (DBCrypto)

On the other hand, chains like Cardano (ADA), MultiversX (EGLD), and Radix (XRD) use a native-asset token model. In this model, all tokens behave as native assets within the protocol, with no standing permissions that can be exploited. Users must sign every transaction that moves tokens they own, which adds another layer of security.

Looking for a more technical perspective, Finbold consulted Avaunt, an IT expert and creator of ShardSpaceApp.

“Unlike in message-based virtual machines (VMs) like the EVM and SVM, where users’ token and NFT balances are defined as line items within smart contracts, platforms like Radix treat native assets as physical assets that reside in on-ledger vaults within smart accounts, which exist at the protocol level. When a user transfers a token or NFT from one account to another, the protocol enforces strict rules to withdraw the exact number of tokens from the isolated vault inside the user’s smart account, independent from other resource vaults within the account. Radix, MVX, and Cardano are some of the networks that leverage the inherently more secure features of native assets.”

– Avaunt
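To make the contrast concrete, here is an added example (not code from the article, Finbold, or any wallet vendor) of what "readable transaction signing" can look like on the permission-based model described above: it decodes the ERC-20 `approve` and ERC-721 `setApprovalForAll` calls that grant a standing permission, renders them as a plain sentence, and rates the risk. The `trustedSpenders` allow-list is a hypothetical wallet feature assumed for the example; the sample calldata is constructed.

```javascript
// Added example, not the article's code: decode ERC-20/721 "permission" calls
// into a readable prompt plus risk level. Node.js built-ins only, no network.
const SELECTORS = {                   // 4-byte function selectors
  "095ea7b3": "approve",              // ERC-20 approve(address spender, uint256 amount)
  "a22cb465": "setApprovalForAll",    // ERC-721/1155 setApprovalForAll(address, bool)
  "a9059cbb": "transfer",             // ERC-20 transfer(address to, uint256 amount)
};
const UINT256_MAX = (1n << 256n) - 1n;  // the "unlimited" allowance drainers ask for

// i-th 32-byte ABI word after the 4-byte selector, as hex
function word(data, i) {
  return data.slice(8 + 64 * i, 8 + 64 * (i + 1));
}

function decodeCalldata(calldata) {
  const data = calldata.replace(/^0x/i, "").toLowerCase();
  const fn = SELECTORS[data.slice(0, 8)];
  if (!fn || data.length < 8 + 2 * 64) return { fn: "unknown", selector: "0x" + data.slice(0, 8) };
  const counterparty = "0x" + word(data, 0).slice(24); // address = last 20 bytes of word 0
  const value = BigInt("0x" + word(data, 1));          // amount, or 0/1 for setApprovalForAll
  return { fn, counterparty, value };
}

// Risk level a cautious wallet would show. A standing permission to an unknown
// spender is exactly what a drainer needs; a transfer moves one amount, once.
// trustedSpenders is a hypothetical allow-list the wallet maintains (assumption).
function assess(d, trustedSpenders = new Set()) {
  const trusted = trustedSpenders.has(d.counterparty);
  if (d.fn === "approve") return trusted ? "low" : d.value === UINT256_MAX ? "high" : "medium";
  if (d.fn === "setApprovalForAll") return d.value !== 0n && !trusted ? "high" : "low";
  return d.fn === "transfer" ? "medium" : "unknown";
}

// Plain-language summary: the readable signing prompt the article recommends
function describe(d) {
  if (d.fn === "approve") {
    const amt = d.value === UINT256_MAX ? "an UNLIMITED amount" : `up to ${d.value}`;
    return `Let ${d.counterparty} spend ${amt} of this token at any time`;
  }
  if (d.fn === "setApprovalForAll") {
    return `${d.value === 0n ? "Revoke" : "Give"} ${d.counterparty} control of ALL NFTs in this collection`;
  }
  if (d.fn === "transfer") return `Send ${d.value} tokens to ${d.counterparty} now`;
  return `Unrecognised function ${d.selector}: do not sign without decoding it`;
}

// Constructed sample: approve(0x1111...1111, 2**256-1), the classic drainer request
const SAMPLE_APPROVE = "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);
console.log(assess(decodeCalldata(SAMPLE_APPROVE)), "-", describe(decodeCalldata(SAMPLE_APPROVE)));
```

On a native-asset chain of the kind the quotes above describe there is no equivalent call to decode: the only thing a user ever signs is the movement of a stated amount from their own vault.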

Interestingly, users now stand to benefit as developers take a closer look at security concerns, phishing attacks, and token models. At some point, investors will inevitably need to choose whether to accept the old standards or migrate to the newer ones in the competitive and innovative free market that is crypto.
