Another 218K Stolen in a Phishing Scam . Maybe a Person of Interest?

Here's yet another interesting Phishing scam that took place a few hours ago.

It appears the hacker used Inferno Drainer in this scam.

• 0xe265398BC6EA0A4Ae1de43De6e0fad81c205013b – Hacker
• 0x4Ea01f0D7DFCB0C894C2553c282Ce165c66865F0 – Hacker Contract
• 0xd44f48962E1E9146d9aaB3e326a34537c10D66B7 – Hacker Legacy Wallet
• 0x9f6bCC3d52624A2BE52A6b5499B582B98F7e5A41 – Victim

Above is connecting all 3 Hacker wallets to each other and the Victim.

The victim lost 218K in aEthWETH (Wrapped Aave Eth?)

Of particular interest to me in this one is connecting on-chain data with off-chain data.

For example, the hacker wallet of 0xe265398BC6EA0A4Ae1de43De6e0fad81c205013b [created a day ago] is funded by a contract of 0x4Ea01f0D7DFCB0C894C2553c282Ce165c66865F0 [also created a day ago] which was funded by 0xd44f48962E1E9146d9aaB3e326a34537c10D66B7.

0xd44f48962E1E9146d9aaB3e326a34537c10D66B7 has a twitter account directly associated with the wallet. You can look that up on your own.

When investigating hacker/scammer activity, sometimes I have to go 3, 4 or 5+ jumps before finding anything of interest.

A look inside 0xd44f48962E1E9146d9aaB3e326a34537c10D66B7. I pulled out the deposit addresses on the right.

The deposit addresses associated with the above include

• 0xea985a702240Cb5eA3785434AB6BAAC74E7A7E59 – Binance
• 0xEecE0833f69159255426eedaf425bC3B38a20475 – Binance
• 0xd44f48962E1E9146d9aaB3e326a34537c10D66B7 – Binance
• 0xeB6634484Ba02495552B865eE04A1F8017380BB7 – AscendEX
• 0x7a63ec7aFFD8c5916B5DF52E830Ad38892C2E2d0 – FTX (lol)

As of now, the hacker wallet of 0xe265398BC6EA0A4Ae1de43De6e0fad81c205013b has about 255K in assets, 218K from one victim, the rest from a few other victims.

0xe265398BC6EA0A4Ae1de43De6e0fad81c205013b was created about a day ago and already has about 255k in stolen assets.

I'm sure the hacker will move these funds to intermediary or deposit addresses in the coming hours or days.

Stay safe out there!