According to CertiK Alerts, crypto security tracker, a hacker account, “Fake_phishing7064”, recently sent funds to an Externally Owned Account(EOA) per Etherscan data. The EOA has moved over 100 ethereum (ETH) valued at $165k to Tornado Cash, a crypto mixer.
Etherscan phishing attack
In a tweet on early Feb.4, 2023, CertiK Alert, the account appears to be moving funds, proceeds from various phishing attacks. As per the crypto security firm, the address moved 981 ETH in the last 97 days.
CertiKSkynetAlert 🚨
An address labeled Fake_Phishing7064 on https://t.co/lb2v6r8c4s has moved assets to an EOA.
This EOA has moved 100 ETH (~$165K) to @TornadoCash.
Previously the address has sent 981 ETH over the past 96 days.
Stay vigilant! pic.twitter.com/KtYZ02csiq
— CertiK Alert (@CertiKAlert) February 4, 2023
Per Etherscan, the Fake_Phishing7064 account currently records a balance of 604 ETH valued at $1 million. The address received about 8.55 ETH from wallet address 0x70747df6ac244979a2ae9ca1e1a82899d02bbea4 on Feb. 3 at 7 PM UTC. The address is very active, having made more than 20 transactions in the past week.
The address has seen victims swiped off NFTs
In November 2022, a Psychedelic NFT investor lost their Psychonaut NFT to a phishing attack. The investor raised the theft alarm on Twitter, blaming the platform for not helping in recovering the stolen NFT.
Yo I had the same happen to me not to long ago. I tried to get help but no one was able to resolve this . And does ment a lot to me pic.twitter.com/2XiqKO8WAv
— Elia$🇲🇽🛸 (@sauleaponte) November 26, 2022
A Twitter user going by the username MetaLif3 responded to the victim, revealing how they were tricked into visiting a fake website which led to a wallet drain. After the attacker sold the Psychonaut NFT, the funds from the trade were sent to the Fake_Phishing7064 address.
Hi Elia I investigated what occurred to you as well you were also phished please see this transaction 0x7fed27f2871d7b328eb891d9b90e6fea9ae14417aa30c98bb37b23890b6f8eee (Fake_Phishing7064) so you were scammed to interact with a fake website which drained your wallet pic.twitter.com/XGcNGJmpbg
— MetaLife 🇦🇺 (@MetaLif3) November 27, 2022
It wasn’t the last phishing incident the address was involved with last year. The Tokyo Rebels NFT project ambassador LeoBailey11 alerted Blockchain enthusiast ZachXBT that some funds from the infamous phishing cyber attacker “Monkey Drainer” were moved to the Fake_Phishing7064 address.
It’s essential to exercise caution when interacting with Fake_Phishing7046 and similar accounts. Such similar accounts to keenly keep an eye on include Fake_Phishing7030, Fake_Phishing6103, and Fake_Phishing7045. Also, Etherscan recently launched ETH Protect, which allows users to protect their accounts by identifying and flagging tainted ETH addresses.
Notably, the phisher has been using Tornado Cash, a crypto mixer, to conceal the link between deposits and withdrawals.