Another 218K Stolen in a Phishing Scam . Maybe a Person of Interest?

Here’s yet another interesting Phishing scam that took place a few hours ago.

It appears the hacker used Inferno Drainer in this scam.

0xe265398BC6EA0A4Ae1de43De6e0fad81c205013b – Hacker 0x4Ea01f0D7DFCB0C894C2553c282Ce165c66865F0 – Hacker Contract 0xd44f48962E1E9146d9aaB3e326a34537c10D66B7 – Hacker Legacy Wallet 0x9f6bCC3d52624A2BE52A6b5499B582B98F7e5A41 – Victim

Above is connecting all 3 Hacker wallets to each other and the Victim.

The victim lost 218K in aEthWETH (Wrapped Aave Eth?)

Of particular interest to me in this one is connecting on-chain data with off-chain data.

For example, the hacker wallet of 0xe265398BC6EA0A4Ae1de43De6e0fad81c205013b [created a day ago] is funded by a contract of 0x4Ea01f0D7DFCB0C894C2553c282Ce165c66865F0 [also created a day ago] which was funded by 0xd44f48962E1E9146d9aaB3e326a34537c10D66B7.

0xd44f48962E1E9146d9aaB3e326a34537c10D66B7 has a twitter account directly associated with the wallet. You can look that up on your own.

When investigating hacker/scammer activity, sometimes I have to go 3, 4 or 5+ jumps before finding anything of interest.

A look inside 0xd44f48962E1E9146d9aaB3e326a34537c10D66B7. I pulled out the deposit addresses on the right.

The deposit addresses associated with the above include

0xea985a702240Cb5eA3785434AB6BAAC74E7A7E59 – Binance 0xEecE0833f69159255426eedaf425bC3B38a20475 – Binance 0xd44f48962E1E9146d9aaB3e326a34537c10D66B7 – Binance 0xeB6634484Ba02495552B865eE04A1F8017380BB7 – AscendEX 0x7a63ec7aFFD8c5916B5DF52E830Ad38892C2E2d0 – FTX (lol)

As of now, the hacker wallet of 0xe265398BC6EA0A4Ae1de43De6e0fad81c205013b has about 255K in assets, 218K from one victim, the rest from a few other victims.

0xe265398BC6EA0A4Ae1de43De6e0fad81c205013b was created about a day ago and already has about 255k in stolen assets.

I’m sure the hacker will move these funds to intermediary or deposit addresses in the coming hours or days.

Stay safe out there!