A cryptocurrency investor recently fell prey to a phishing scam on the Ethereum network, resulting in a loss of more than $180,000 in USD Coin (USDC) and ANDY, a new meme coin inspired by Pepe.
According to data from Etherscan, the attack took place on April 23 over the course of an hour, from 05:39 to 06:29 UTC. The attackers employed a multi-call phishing strategy, bundling multiple function calls into a single transaction. While each call may have seemed harmless on its own, together they orchestrated a malicious act.
The attackers managed to siphon funds from the victim’s account to several wallets linked to them. Some of these wallets were already flagged as phishing wallets by Etherscan. The victim lost a staggering 1.6 billion ANDY tokens valued at $162,400, along with 17,913 USDC.
As a result, the victim’s account was completely drained, leaving only $32 worth of Ethereum (ETH) and Arbitrum (ARB). One of the attacker’s wallets retained the stolen funds, while the other quickly converted all the ANDY tokens to WETH on Uniswap before transferring the WETH to a new address.
This attack likely exploited the victim’s interactions with smart contracts. In such cases, fraudsters create contracts that mimic legitimate DeFi operations, like token swaps, while including hidden calls that enable the unauthorized transfer of the user’s assets.
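A pre-signing check for the bundled-call pattern described above, as an added example that is not from the original article: it unpacks a batched transaction and lists the inner calls that grant or move tokens. It assumes the bundle uses the common `multicall(bytes[])` entry point (the article does not say which contract was involved); the sample calldata is constructed.

```python
RISKY = {  # well-known ERC-20/ERC-721 selectors that grant or move a user's assets
    "095ea7b3": "approve(address,uint256)",
    "a9059cbb": "transfer(address,uint256)",
    "23b872dd": "transferFrom(address,address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}
MULTICALL = bytes.fromhex("ac9650d8")  # assumption: bundle entry point is multicall(bytes[])

def _word(buf, pos):
    """Read one 32-byte ABI word, rejecting reads outside the buffer."""
    if pos < 0 or pos + 32 > len(buf):
        raise ValueError("truncated or malformed calldata")
    return int.from_bytes(buf[pos:pos + 32], "big")

def split_multicall(calldata):
    """Return the inner calls of an ABI-encoded multicall(bytes[])."""
    if calldata[:4] != MULTICALL:
        raise ValueError("not a multicall(bytes[]) call")
    args = calldata[4:]
    arr = _word(args, 0)           # offset of the bytes[] array
    count = _word(args, arr)       # number of bundled calls
    base = arr + 32                # element offsets are relative to this point
    calls = []
    for i in range(count):
        start = base + _word(args, base + 32 * i)
        size = _word(args, start)
        if start + 32 + size > len(args):
            raise ValueError("inner call overruns calldata")
        calls.append(args[start + 32:start + 32 + size])
    return calls

def flag_risky(calldata):
    """List (index, signature) for inner calls that grant or move assets."""
    return [(i, RISKY[c[:4].hex()])
            for i, c in enumerate(split_multicall(calldata)) if c[:4].hex() in RISKY]

def encode_multicall(calls):
    """ABI-encode multicall(bytes[]); used here only to build the demo input."""
    bodies = [len(c).to_bytes(32, "big") + c + bytes(-len(c) % 32) for c in calls]
    starts = [32 * len(calls) + sum(map(len, bodies[:i])) for i in range(len(calls))]
    return (MULTICALL + (32).to_bytes(32, "big") + len(calls).to_bytes(32, "big")
            + b"".join(s.to_bytes(32, "big") for s in starts) + b"".join(bodies))

# Constructed sample: a read-only call followed by an unlimited approve and a transferFrom.
SAMPLE = encode_multicall([
    bytes.fromhex("70a08231") + bytes(32),                            # balanceOf(address)
    bytes.fromhex("095ea7b3") + bytes(31) + b"\x01" + b"\xff" * 32,   # approve(spender, max)
    bytes.fromhex("23b872dd") + bytes(96),                            # transferFrom(...)
])
```

A wallet or review script would run `flag_risky` on the transaction data before signing and show the user every flagged inner call rather than only the outer function name.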
A similar incident was reported by Crypto.news last month, where $674,000 in USDC was lost to a phishing attack. The stolen assets were swiftly moved to the 0x protocol for liquidation. Such fraud is on the rise: a recent report indicated that over 57,000 crypto users lost $46 million to phishing scams in February alone.