Victims are lured via videos being shared saying it can be used for flash loan arbitrage as well as promising profitable staking - impersonating Bakery Swap, a BSC DApp.
The one in the video and the provided link in the description are different. Upon checking, the creator has two repos that were created in June 2021. So this is a long-running scam that was revived...
The only notable things that I can retrieve are two:
- there's another account that contributed named MahimaMathews03, this user has multiple contributions since 2019, yet nothing is public...
- another EOA: 0x59EdE53EbC0E70ac060Ee8Eb0F10538b6c12F664
That's basically it for the Github part. Let's move on to the non-Github domains...
/flashloan.live works on two chains only. These are ETH and BSC.
The associated EOA is: 0x03dFFA990F8fD07d383d4fEC5a595E5153982432
It simply prompts to transfer ETH or BNB to the EOA.
The 2nd video, on the other hand, is a mix of things. It has the wallet drainer, and phishing content hosted.
Checking the main domain reveals an opendir. We can see the other fake bakeryswap with the same EOA and phishing contents.
First..."Document.txt" is a Microsoft office phishing page
Second....folder xx0transactionspending, on the other hand, is the good ol' WalletConnect template which targets several wallets.
Last that we will cover is the comment left by the malicious actor/s...
Адресс на кнопке