A phishing attack orchestrated by a scammer known as “Monkey Drainer” has resulted in 700 ETH worth $1 million being stolen.

The phishing attack was brought to light by on-chain sleuth ZachXBT in a series of tweets on Wednesday. 

ZachXBT identified two wallets that collectively lost $370,000 from signing transactions on phishing websites operated by the Monkey Drainer. 

The first victim’s wallet lost 14 NFTs including a Bored Ape Yacht Club (BAYC) NFT and CloneX NFT, along with 36,000 USDC, taking his losses to around $150,000. The second victim’s wallet contained $6.2 million worth of crypto but lost only $220,000 as he managed to reject the other transactions.

One of the malicious websites masqueraded as Nike-owned NFT studio RTFKT and promised an airdrop of 30,000 eggs from Project Animus. Another website offered a false link claiming to be an airdrop from the newly launched Layer one blockchain Aptos.

Etherscan data shows that the scammer in question has executed more than 7,300 transactions from the drainer wallet in only a few months.

“These victims are just two of many who’ve had their funds stolen by Monkey. The total number stolen easily surpasses $3.5m with that number rapidly increasing by each day,” wrote ZachXBT in a tweet.

The on-chain sleuth cautioned users to be extra diligent when visiting unknown sites and connecting their wallets to sign transactions.

Phishing-related crypto exploits have been on the rise lately, tricking unsuspecting users into giving away their private keys. Earlier this week, a phishing attack targeted at users of leading crypto exchanges resulted in them unknowingly compromising their API keys. U.S. crypto exchange FTX was one of the exchanges that saw its users lose funds to the scam and vowed to compensate $6 million worth of losses for one time only.