Cases of crypto phishing scams continue to hit an all-time high in the market, causing users to lose large amounts of money to fraudsters.
In a recent development, a user lost over $4.20 million in a cryptocurrency phishing scam through malicious opcode malware.
The unidentified user fell victim to the scam attack, leading to a loss of aEthWETH and aEthUNI worth $4.20 million.
According to the Web3 security firm Scam Sniffer, the attack was carried out through a falsified ERC-20 permission signature.
The user used an ERC-20 authorization to sign for the approval of different transactions. However, the ERC-20 authorization was manipulated by an opcode contract, which enabled the scammer to bypass security alerts.
The tactics used for this scam attack make 'funds go before approval.' It involves victims creating a new address for each signature and redirecting the funds to an unknown address before the transaction gets approved.
The pillar behind such attacks is opcode malware, which is a type of malicious software used for illegal accessibility of operation codes in scripting languages on different platforms.
Opcode malware can authorize unauthorized transactions, immobilize assets within smart contracts, and reroute funds to any address.
This feature makes it capable of bypassing tight security measures and difficult to detect and remove. Opcode malware is a potent threat to the digital asset industry that needs to be stopped.
According to some tech experts, opcode malware, if allowed, takes control of a victim's computer memory, CPU, applications, system resources, and other software operational on the victim's computer.
It can also start lines of machine codes to give false but undetected instructions to carry out malicious attacks.
Over $580,000 has been stolen from at least four Web3 firms' email addresses in yet another crypto phishing attack. This was reported by digital asset scam detective ZackXBT via an X post.
According to ZackXBT, different cloned emails that appeared to be from web3 companies like DeFi, CoinTelegraph, Token Terminal, and WalletConnect were sent out to the public.
These emails had messages that directed victims to click on fake links in a bit to reward them with community airdrops. However, this led to losses of over a million dollars in digital assets.
The need to stay vigilant in the crypto space cannot be overemphasized. Although there are so many measures to take to prevent falling victim to scam attacks, not clicking on unidentified links is one sure way to avoid crypto phishing attacks.
Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.