Brazilian crypto influencer gets over $211,000 drained by airdrop-related phishing scam
Brazilian crypto influencer Augusto Backes got over $211,000 drained from his wallet on Mar. 3, after clicking on a malicious link sent from a phishing email, according to a video from his channel.
Backes stated that the email address was supposedly related to an airdrop conducted by Ethereum’s layer-2 blockchain Blast. Although he receives phishing scams in his email box daily, the Brazilian crypto influencer highlighted that he was planning a script for a video and got sidetracked.
“In the middle of this anxiety, I received an email. Two months ago, I subscribed my wallet to Blast’s airdrop, and I had to prove the NFT quantity to be selected for this airdrop”, Backes says in the video. “The email seemed to be sent from Blast, and as a matter of fact, this is a well-crafted scam, with the scammer imitating the website. I clicked the ‘Claim your tokens’ button once, signed the transaction on my MetaMask, and the contract swallowed everything.”
Tokens drained by the scammer. Image: DeBank
Joe Green, Head of the Quick Response Team at blockchain security firm CertiK, pointed out that malicious addresses linked to the Inferno Drainer scam were involved in this incident. However, this scheme was closed in November 2023, and a personality associated with it moved onto the Angel Drainer team.
“So whilst malicious addresses linked to Inferno were involved in this incident it is unlikely to be an Inferno Drainer,” Green explains. “The scammers’ wallet is 0x3CF955Bf92DD56CFE51cf7024EA1F2be49CEBC2F while the fee address is 0xf672775e124E66f8cC3FB584ed739120d32bBaad. The transactions were initiated by 0x0000db5c8B030ae20308ac975898E09741e70000 which has been associated with the Inferno Drainer in the past.”
As a warning for Web3 users, Green says that users must check the sender’s email address. “In the example below, the email came from sendgrid@celmedia.cl, which is not an official Blast email. This will instantly indicate to the user that this is likely to be a phishing scam.”
CertiK’s example of a malicious sender address. Image: CertiK
Moreover, users should always double-check that the URL they’re clicking on is official before connecting their wallet and signing transactions, Green concludes.