Crypto whale loses $24M in staked Ethereum to phishing attack

A significant portion of the stolen funds has been transferred into the fully automatic cryptocurrency exchange FixedFloat.

6833 Total views

74 Total shares

Crypto whale loses $24M in staked Ethereum to phishing attack

A cryptocurrency whale has fallen victim to a massive phishing attack, losing millions of dollars in staked Ether (ETH) on the liquid staking provider Rocket Pool.

The investor lost their entire address balance of Lido Staked ETH (stETH) and Rocket Pool ETH (rETH) on Sept. 6, the cryptocurrency security firm PeckShield reported.

The hack was completed in just two transactions, with9,579 stETH stolen in one and4,851 reETHin another. At the time of the attack, the amount stolen was worth $15.5 million in stETH and $8.5 million in rETH, a staggering $24 million combined.

Transactions in the $24 million phishing hack. Source: X

According to PeckShield, the phisher subsequently swapped the assets for 13,785 ETH and 1.64 million Dai (DAI).

A significant portion of the DAI stash has already been transferred into the fully automatic cryptocurrency exchange FixedFloat, PeckShield reported.

SlowMist’s crypto tracking team, MistTrack, reported that most of the remaining stolen funds were transferred to three addresses.

Related: MetaMask scammers take over government websites to target crypto investors

According to anti-scam source Scam Sniffer, the victim enabled token approvals to the scammer by signing “Increase Allowance” transactions.

“Increase Allowance” method on the phisher’s transaction. Source: Etherscan

Allowance or access permissions are a feature of ERC-20 tokens that enable a third party to have the right to spend some tokens that belong to a different owner, using smart contracts. Some cryptocurrency observers havewarned against risks associated with approving ERC-20 allowances, noting that anonymous developers could deploy malicious smart contracts to scam users.

The news comes shortly after at least five Ethereum liquid staking providers — Rocket Pool, StakeWise, Stader Labs and Diva Staking — imposed or started working to impose a self-limit rule in which they promise not to own more than 22% of the Ethereum staking market.

Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.

Magazine: Asia Express: Thailand’s national airdrop, Delio users screwed, Vietnam top crypto country

Read More

Share:

Leave a Reply

Your email address will not be published. Required fields are marked *

Search this website