Yet another phishing attack? Terra users lose $4.3 Million, according to security firm

Saif Naqvi
Blockchain
Source: Pixabay

Top 10 DeFi platform Terra has recently faced several malicious attacks that have resulted in some users losing around $4.3 Million worth of funds, according to security firm SlowMist.

Source: Twitter

SlowMist, the blockchain security tracking stolen funds from the Ronin hack, has reportedly discovered a phishing scam on the Terra Blockchain. Based on its findings, multiple users on the Terra blockchain lost funds worth $4.3 Million in a phishing scam that falsely imitated popular liquidity protocols Anchor Protocol or Astroport.

SlowMist claims that several malicious links based on popular Terra project Anchor Protocol and Astroport appeared as the first search options on Google and tricked unsuspecting investors. Once users clicked on these links, the website’s domain name changed and the requested users to connect their wallets and give up their seed phrase. SlowMist later advised caution against clicking on links or Google advertisements with questionable sources.

The firm added that between 12-21 April, 52 different addresses were affected in the attack, and the stolen goods, amounting to $4.3 Million, were transferred to a Terra ID. For the moment, it is unclear whether the funds were cashed out on exchanges.

Source: Twitter

Notably, SlowMist was involved in the aftermath that took place after the Ronin network was compromised for $615 Million. It actively tracked the stolen goods and detailed how the scammer attempted to withdraw the stolen goods at crypto exchanges Huobi and FTX.

What Are Website Phishing Scams?

Phishing scams are one of the most common methods of fraud and theft in the crypto industry. In website phishing attempts, scammers often create fake websites, crypto trading platforms, and wallets using similar domain names from the sites they attempt to mimic. Details like a wallet’s password, recovery phrase (seed phrase), and other financial information, end up in the scammers’ hands.

Recently, a man lost $650K worth of goods from his MetaMask wallet after a phishing scam that imitated an Apple representative. The scammer obtained the password to the victims’ MetaMask wallet via a seed phrase which was backed up on his iPhone. MetaMask later cautioned against phishing scams and advised Apple users on how to disable the iCloud backup function on their phones.