Crypto whale loses $24M in staked Ethereum to phishing attack
Helen Partz10 hours agoCrypto whale loses $24M in staked Ethereum to phishing attackA significant portion of the stolen funds has been transferred into the fully automatic cryptocurrency exchange FixedFloat.3274 Total views45 Total sharesListen to article 0:00NewsJoin us on social networksA cryptocurrency whale has fallen victim to a massive phishing attack, losing millions of dollars in staked Ether (ETH) on the liquid staking provider Rocket Pool.
The investor lost their entire address balance of Lido Staked ETH (stETH) and Rocket Pool ETH (rETH) on Sept. 6, the cryptocurrency security firm PeckShield reported.
The hack was completed in just two transactions, with 9,579 stETH stolen in one and 4,851 rETH in another. At the time of the attack, the amount stolen was worth $15.5 million in stETH and $8.5 million in rETH, a staggering $24 million combined.Transactions in the $24 million phishing hack. Source: X
According to PeckShield, the phisher subsequently swapped the assets for 13,785 ETH and 1.64 million Dai (DAI).
A significant portion of the DAI stash has already been transferred into the fully automatic cryptocurrency exchange FixedFloat, PeckShield reported.
SlowMist’s crypto tracking team, MistTrack, reported that most of the remaining stolen funds were transferred to three addresses.
Related:MetaMask scammers take over government websites to target crypto investors
According to anti-scam source Scam Sniffer, the victim enabled token approvals to the scammer by signing “Increase Allowance” transactions.“Increase Allowance” method on the phisher’s transaction. Source: Etherscan
Allowance or access permissions are a feature of ERC-20 tokens that enable a third party to have the right to spend some tokens that belong to a different owner, using smart contracts. Some cryptocurrency observers have warned against risks associated with approving ERC-20 allowances, noting that anonymous developers could deploy malicious smart contracts to scam users.
The news comes shortly after at least five Ethereum liquid staking providers — Rocket Pool, StakeWise, Stader Labs and Diva Staking — imposed or started working to impose a self-limit rule in which they promise not to own more than 22% of the Ethereum staking market.
Collect this article as an NFTto preserve this moment in history and show your support for independent journalism in the crypto space.
Magazine:Asia Express: Thailand’s national airdrop, Delio users screwed, Vietnam top crypto country# Blockchain# Cryptocurrencies# Phishing# Ethereum# Scams# HacksAdd reactionAdd reactionRead moreWho invented NFTs?: A brief history of nonfungible tokensChatGPT-coded smart contracts may be flawed, could ‘fail miserably’ when attacked: CertiKHow to handle crypto trading gains and losses on your balance sheet