Crypto scammers stole more than $6 million from a meme coin investor using a fake Zoom meeting link that was part of a phishing attack.
On November 11, scammers seized the meme coin Gigachad (GIGA) worth approximately $6.09 million from a whale investor after tricking them into clicking a malicious link spoofing a Zoom meeting invitation.
The victim, who identified himself as ‘Still in the Game’ on X, said the link led to malware being downloaded to their laptop, which allowed the attacker to drain the money.
Blockchain monitoring service Onchain Lens noted in its post-attack report that the attacker managed to empty three different wallets for 95.27 million GIGA, but only managed to sell it for 11,759 SOL, worth $2.1 million, pushing the price of the meme coin from $0.63 to $0.54. .
The attacker then converted the SOL into USDT and USDC stablecoins, transferred them to a separate address where they currently remain, and “indirectly” sent an additional 700 SOL to the centralized exchange KuCoin, according to Onchain Lens.
Although the pseudonymous victim explained that the recent sell-off was due to a phishing attack, GIGA has since fallen over 15% and was trading at just over $0.049 at press time.
The United States Federal Bureau of Investigation and a forensics team are currently investigating the matter to help recover the stolen funds.
Crypto research firm Scam Sniffer highlighted the similarity between legitimate Zoom links and a malicious link used in a phishing attack. Fake link, “us04-zoom[.]us” is very similar to the legitimate “us02web.zoom”[.]This can trick unsuspecting users into clicking.
While this seems simple enough to detect, scammers often use social engineering tactics to gain their victims’ trust before directing them to click on these malicious links. They may pretend to be trustworthy or create a sense of urgency; This makes it easy for unsuspecting users to miss subtle differences in URLs.
Earlier this year, a cybersecurity engineer warned of a similar attack targeting holders of non-fungible tokens. Scammers used links disguised as a Zoom invitation, leading to a fake web page that closely mimics the video conferencing platform. The site tricked users into installing malware that infiltrates the victim’s computer and extracts sensitive data.
Meanwhile, crypto phishing scams have become increasingly sophisticated in various forms over the years, leading to losses of over $750 million in the third quarter of 2024 alone, according to blockchain analysis firm CertiK.
Some of the biggest attacks in recent months include the theft of $35 million in DAI from a VC fund-linked wallet and $55 million in DAI from a whale wallet; These both result from victims signing a “consent” signature as part of a consent phishing scam. .