A GigaChad (GIGA) token investor recently fell victim to a $6 million loss in a sophisticated phishing attack. This incident, confirmed on November 12, targeted an investor known as “Still in the Game” through a fake Zoom link crafted to steal wallet credentials, marking one of the largest social engineering-based crypto thefts this quarter.
How the GigaChad Phishing Attack Unfolded
The hacker employed a seemingly legitimate Zoom link that was actually a counterfeit, with a minor yet deceptive URL difference. This tricked the investor into opening a fake Zoom meeting link that secretly installed malware. As revealed by blockchain security firms Scam Sniffer and Onchain Lens, this malware allowed the hacker to extract 95.3 million GIGA tokens, swiftly converting them into more liquid assets like stablecoins to evade tracking and recovery.
The stolen GIGA tokens were first swapped for 11,759 Solana (SOL) tokens, worth roughly $2.1 million, then further exchanged for Tether (USDT) and USD Coin (USDC). The funds were split across multiple wallets, including a deposit of 700 SOL into a KuCoin wallet, a common strategy used by hackers to spread and obscure stolen assets.
The Importance of URL Vigilance
According to Scam Sniffer, the fake link subtly altered the Zoom URL, replacing “us02web.zoom[.]us” with “us04-zoom[.]us,” a tactic capable of tricking even cautious users. Scam Sniffer noted, “Compare carefully: us04-zoom[.]us vs. us02web.zoom[.]us.” This small variation led to a major security breach, highlighting the importance of verifying URLs from unknown sources.
Ongoing Investigations and the Rise of Phishing Attacks
“Still in the Game” has enlisted the FBI and a forensic team to investigate the hack, but asset recovery is challenging due to blockchain’s pseudonymity. This case is part of a worrying trend; over $60 million in crypto has been lost to phishing attacks in Q4 alone. Recent attacks include a $36 million theft of wrapped Ethereum from a venture capital fund in October and a $32.4 million loss of spWETH tokens in September.
According to CertiK, fraud losses in Q3 2024 exceeded $753 million, including $127 million lost to phishing, making crypto the second most targeted sector for identity fraud.
For more in-depth insights into cryptocurrency security, visit CentBit.Online, the top resource for blockchain expertise in Bangladesh.