Phishing attacker moves funds to a laundering address

February 4, 2023 at 12:47 pm

News

Phishing attacker moves funds to a laundering address

According to CertiK Alerts, crypto security tracker, a hacker account, “Fake_phishing7064”, recently sent funds to an Externally Owned Account(EOA) per Etherscan data. The EOA has moved over 100 ethereum (ETH) valued at $165k to Tornado Cash, a crypto mixer.

Etherscan phishing attack

In a tweet on early Feb.4, 2023, CertiK Alert, the account appears to be moving funds, proceeds from various phishing attacks. As per the crypto security firm, the address moved 981 ETH in the last 97 days.

https://twitter.com/CertiKAlert/status/1621750281254961152

Per Etherscan, the Fake_Phishing7064 account currently records a balance of 604 ETH valued at $1 million. The address received about 8.55 ETH from wallet address 0x70747df6ac244979a2ae9ca1e1a82899d02bbea4 on Feb. 3 at 7 PM UTC. The address is very active, having made more than 20 transactions in the past week.

The address has seen victims swiped off NFTs

In November 2022, a Psychedelic NFT investor lost their Psychonaut NFT to a phishing attack. The investor raised the theft alarm on Twitter, blaming the platform for not helping in recovering the stolen NFT.

https://twitter.com/sauleaponte/status/1596621525595357185

A Twitter user going by the username MetaLif3 responded to the victim, revealing how they were tricked into visiting a fake website which led to a wallet drain. After the attacker sold the Psychonaut NFT, the funds from the trade were sent to the Fake_Phishing7064 address.

https://twitter.com/MetaLif3/status/1596814519602679810

It wasn’t the last phishing incident the address was involved with last year. The Tokyo Rebels NFT project ambassador LeoBailey11 alerted Blockchain enthusiast ZachXBT that some funds from the infamous phishing cyber attacker “Monkey Drainer” were moved to the Fake_Phishing7064 address.

https://twitter.com/LeoBailey11/status/1589119299037564929

It’s essential to exercise caution when interacting with Fake_Phishing7046 and similar accounts. Such similar accounts to keenly keep an eye on include Fake_Phishing7030, Fake_Phishing6103, and Fake_Phishing7045. Also, Etherscan recently launched ETH Protect, which allows users to protect their accounts by identifying and flagging tainted ETH addresses.

Notably, the phisher has been using Tornado Cash, a crypto mixer, to conceal the link between deposits and withdrawals.