How phishing attacks target crypto whales: The Blast Network case

Key takeaways

Holding large sums of cryptocurrency, crypto whales attract cybercriminals who launch sophisticated phishing attacks to exploit them.
These attacks often use fake websites, emails, and impersonation, with scammers posing as trusted crypto companies or famous figures to access whales’ sensitive information.
A phishing attack on the Blast Network led to substantial losses and highlighted vulnerabilities in DeFi platforms, emphasizing the need for secure transaction practices.
Crypto whales can reduce phishing risks through hardware wallets, multifactor authentication, vigilance with URLs and regular monitoring of systems and transactions.

With faster, cheaper and more secure transactions, cryptocurrencies offer a compelling alternative to traditional finance. Still, behind this lies a darker side where scamsters are always looking for a vulnerability to exploit and extract money at the victims’ cost.

Crypto whales, investors holding massive amounts of cryptocurrency, are high-value targets for cybercriminals. Phishing is one of the most common and successful methods of attack to siphon off money from the whales.

Phishing attacks use emails, texts or websites that look authentic to deceive whales into divulging personal information, generally their passwords or keys. The stakes are significantly greater and the strategies employed are more advanced in the case of crypto whales.

The Blast Network case, in which a group of fraudsters carried out a series of phishing attempts that rocked the crypto world, emphasizes the risks of phishing for whales.

The case concerns the role of whales in the crypto ecosystem, what are phishing attacks, why crypto whales are vulnerable to phishing, the Blast Network case, how to prevent such attacks and what crypto whales should do in case of an attack.

Role of whales in crypto ecosystem

Before getting into the details of phishing, it’ll help to discuss crypto whales. A whale holds a significant amount of a particular cryptocurrency, often in the millions of dollars, enough to influence the market.

When you buy or sell cryptocurrency as a whale, it causes noticeable shifts in the price of the underlying asset. Whales generally buy and sell crypto in large quantities, which drives the price or pushes it down due to increased or reduced demand.

Some examples here will help you understand how whales’ actions influence prices.

A Bitcoin (BTC) whale sold off a significant amount of BTC in May 2021, causing a sudden drop in price of about 30% and leading to a cascading effect of selling, further driving prices down.

In May 2022, Ether (ETH) whales transferred a massive $1.03 billion worth of Ethereum in a single day, driving prices up 3.35%.

Large accumulations by ETH whales push prices up

These whales, who may be individuals or institutions, have real financial power in the market, making them high-value targets for cybercriminals.

Did you know? Cryptocurrency investment fraud losses surged to $3.96 billion in 2023, a 53% increase from the previous year.

What are phishing attacks?

Phishing attacks deceive users into disclosing private keys, passwords or other sensitive information. While most people associate phishing attacks with email fraud, these attacks may take different forms in the crypto arena.

Traditionally, scamsters launching phishing attacks send an email posing as an executive in your bank, sharing a link you’re asked to access on some pretext like filling out a form or resetting a password. Though the website may appear authentic, the link is usually a hoax. Whatever information you enter or set up reaches the frauds.

The modus operandi is the same when the attacker launches a crypto scam. The only difference is that hackers are attempting to access your digital wallet rather than your bank account.

Phishing attacks in crypto may include:

Fake websites that look like legitimate crypto exchanges or wallets.
Emails or messages that claim to be from a crypto company or service you use, urging you to “verify” your account or respond to an urgent request.
Social engineering tactics, where attackers impersonate someone you trust, like a customer support agent or even a well-known figure in the crypto world.

Representation of a phishing attack

Did you know? Phishing attacks are the most common initial attack vector, according to IBM, accounting for 41% of incidents. CSO Online reports that over 80% of security breaches result from phishing.

Why are crypto whales vulnerable to phishing?

What makes crypto whales so susceptible to phishing attacks? After all, given the money they hold, they should exercise greater caution.

First, the enormous quantity of money whales hold is one of the main reasons fraudsters go after them. The open-source nature of public blockchains helps the scamsters identify wallets with huge amounts of funds. Moreover, the reward for scamsters who successfully assault a whale is significantly more than that of attacking a typical crypto investor. To increase their chances of success, fraudsters create increasingly sophisticated and customized phishing attacks.

Second, as whales tend to conduct large transactions, it makes them more likely to interact regularly with exchanges, wallet, and other crypto services. Frequent interaction on their part provides hackers with more opportunities to launch phishing attacks. It’s easier to slip in a fake message or email and convince a user when they’re already expecting to communicate with a platform.

Third, fraudsters launching phishing attacks are masters of impersonation, whether they’re pretending to be a legitimate crypto company or even an influencer. Whales, like all humans, may sometimes let their guards down when they think they’re interacting with someone trustworthy.

To identify phishing attacks, crypto whales could look for signs like copycatting (copying original organization’s color, theme, etc.), spelling errors (attackers’ negligence in proofreading emails), ambiguous links (brief URLs), public email ID (using public mail services like gmail) and disordered content (misalignment of content with originals).

How a classic phishing attack works against crypto whales

Did you know? Bitcoin whale holdings reached a new record of about 670,000 BTC on Oct. 24, 2024. According to BaroVirtual, a Bitcoin researcher at CryptoQuant, this is a positive sign for the long-term outlook of Bitcoin.

The Blast Network case

The Blast Network (BLAST) case is a prime example of how phishing attacks can be used to target crypto whales. Blast is an Ethereum layer-2 protocol offering native yield for both ETH and stablecoins. It enables users to earn interest on their assets.

The network was the target of a vicious crypto whale phishing attack, resulting in the loss of about $35 million in Few Wrapped Duo ETH (fwDETH). The fraudster tricked the whale into signing a fraudulent “permit” message, draining 15,079 fwDETH from the whale’s wallet.

The attack led to a sharp decline in the price of fwDETH, which dropped by over 90%, from $2,000 to just $100, triggering panic within the Blast network community. Although the price stabilized and partially recovered to $1,000, it caused considerable damage to the token’s market value and investor confidence

How did scamsters execute the Blast Network attack?

The crypto whales attacked on the Blast Network exposed the vulnerabilities of decentralized finance (DeFi) platforms, specifically permission-based signatures that permit transactions without direct access to private keys.

The method is quite helpful in DeFi platforms, enabling functions like asset transfers using permissions without requiring the user’s private key every time. This is how the method works:

Signing of message: You create a signed message authorizing a specific action such as making a payment for a short term.
Restricted access: This signature-based method lowers the possibility of theft as it doesn’t directly disclose secret keys.
Security consideration: Scamsters can deceive users into signing fraudulent messages that permit unauthorized transactions.

Permission-based signatures are convenient, but users must be careful of phishing attacks, or the outcome may be dangerous. In the case of Blast, the reliance on user authorization through signatures and the whale’s lack of security understanding enabled the attack.

Security companies such as Scam Sniffer and BlockSec, which identified and examined the attack, suggested that such phishing tactics have been successful in targeting unsuspecting individuals who have unknowingly allowed such access.

Did you know? Blast’s total value locked (TVL) reached $1.65 billion in Q2 2024, making it the second-largest layer-2 blockchain by this metric. This growth is primarily driven by users locking up their assets in anticipation of future rewards and airdrops.

How to prevent phishing attacks on crypto whales?

If you are a crypto whale, or any crypto user, how can you defend yourself against phishing attacks? Continual network and system monitoring is important for crypto whales to keep scamsters away:

Continual network and system monitoring

As high worth individuals, crypto whales must continually monitor their cyber security. It means constantly observing a computer network or system in order to detect and react to threats and cyberattacks.

To identify and address security problems instantly, the procedure makes use of resources including firewalls, antivirus software and intrusion detection systems. The increase in multi-stage and intricately thought-out attacks has necessitated rapid detection and shorter response times. A proactive approach helps avoid data breaches.

The mechanism must continuously monitor the network and endpoints to identify threats. The system must create alerts and initiate automated incident response procedures when it detects suspicious activity or possible threats.

Tools such as intrusion detection systems, endpoint management systems, network traffic analysis tools and Security Information and Event Management Software (SIEMS) are necessary.

Cybersecurity monitoring tools can help prevent phishing attacks

Regular security procedures for crypto whales

As investigator ZachXBT suggests, it’s important to verify the authenticity of services involving NFTs or crypto assets, especially those requesting wallet access. His investigation led the FBI to seize 86.5 Ether (ETH) and two NFTs worth over $100,000 from alleged phishing scammer Chase Senecal.

1/ I am very happy to share the FBI seized crypto, BAYC 9658, AP watch, and Doodle 3114 from the phishing scammer known as Horror (HZ) aka Chase Senecal as a result of my thread. pic.twitter.com/H1JjOjQNuF
— ZachXBT (@zachxbt) February 3, 2023

Additionally, ZachXBT's research aided France’s national cyber unit in October 2022 to catch and charge fraudsters behind a $2.5 million NFT phishing scam.

Here are some security procedures you should follow rigorously as a crypto whale:

Use hardware wallets: Your private keys are kept offline in hardware or cold wallets, which greatly reduces their susceptibility to phishing attempts. Using a hardware wallet prevents your keys from being compromised, even if you are duped into visiting a fraudulent website or sharing critical information.
Authentication: Introduce double layer security on your wallet with multi-factor authentication (MFA). It sets up a second layer of verification, like a code texted to your phone, protecting your account from scamsters even if they’ve somehow found your password.
Check email addresses and URLs: Verify website’s URLs before entering any important information. Phishing websites frequently utilize domain names that resemble authentic ones but may differ slightly, using extra characters or misspellings.
Keep away from unsolicited correspondence: Be wary if someone reaches out to you claiming to be from a wallet or crypto exchange. Never share critical information or your private keys over messaging applications or email. If you need to get in touch with the service, get in touch with the business directly through the appropriate channels.

Did you know? Phishing attacks take the longest to detect and contain, averaging 295 days, according to IBM's 2022 Data Breach Report.

What should crypto whales do in the event of a phishing attack?

As a crypto whale, when you become aware of a phishing attack, you need to take quick action to safeguard assets:

Disconnect your hard wallet: To prevent any further damage, unplug your hard wallet from the internet in case you’re using one. In case you’re using a software wallet, transfer the money to a safe wallet immediately.
Notify the exchange and authorities: If the hacked wallet is on a centralized exchange, notify it immediately about the hack. Follow this up by bringing it to the attention of appropriate authorities.
Seek help from blockchain security companies: You could rope in a blockchain security company to investigate the hack and report the bad addresses involved. It might help the authorities and the exchange get the money back partially or in full, if possible.
Examine and reinforce security procedures: To prevent future attacks, it’s essential to examine and reinforce security procedures with the help of experts. They may suggest possible vulnerabilities and how they can be fixed.

Protection against phishing requires constant vigilance, secure wallet practices and community efforts to identify threats. By staying informed and cautious, individuals can better safeguard their digital assets.