A cryptocurrency whale recently became the victim of a massive phishing attack, resulting in the loss of millions of dollars in staked Ethereum on the liquid staking provider Rocket Pool. This incident, which occurred on Sept. 6, was swiftly reported by the cryptocurrency security firm PeckShield.
The hack was executed with just two transactions. In one transaction, the attacker stole 9,579 stETH, while in the other transaction, 4,851 rETH were taken. At the time of the attack, the combined value of the stolen amounts was an astounding $24 million, with $15.5 million in stETH and $8.5 million in rETH. The PeckShield team discovered that the phisher subsequently exchanged the stolen assets for 13,785 Ether (ETH) and 1.64 million Dai (DAI) tokens.
PeckShield’s findings also revealed that a significant portion of the stolen DAI tokens had already been transferred to the fully automatic cryptocurrency exchange FixedFloat. Additionally, MistTrack, the crypto tracking team of SlowMist, reported that the remaining funds had been transferred to three addresses, namely 0x4f2f02ee, 0x7023505, and 0x2abdc2ab.
The loss was attributed to the victim granting token approvals to the attacker by signing “Increase Allowance” transactions. Allowances, or access permissions, are a feature of ERC-20 tokens that grants a third party the right to spend tokens belonging to a different owner through smart contracts. Warnings had previously been issued about the risks of approving ERC-20 allowances, cautioning users about scams in which anonymous developers deploy malicious smart contracts.
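A pre-signing check for the allowance calls described above, as an added example that is not from the article or from PeckShield: it decodes ERC-20 calldata and warns when approve or increaseAllowance names a spender outside a trusted list. The function names, the trusted-spender set and the sample calldata are assumptions made for illustration.

```python
# Added example. Selectors are the first 4 bytes of keccak256 of the signature.
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UINT256_MAX = 2**256 - 1


def decode_allowance_call(calldata_hex):
    """Return details of an allowance-granting call, or None for any other call."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = ALLOWANCE_SELECTORS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated calldata: expected two 32-byte arguments")
    spender_word, amount_word = args[:64], args[64:128]
    # An address occupies the low 20 bytes of its 32-byte ABI word.
    if int(spender_word[:24], 16) != 0:
        raise ValueError("spender word has non-zero high bytes")
    amount = int(amount_word, 16)
    return {
        "function": name,
        "spender": "0x" + spender_word[24:],
        "amount": amount,
        "unlimited": amount == UINT256_MAX,
    }


def review(calldata_hex, trusted_spenders):
    """Return 'ok', or a warning if the call grants allowance to an unknown spender."""
    call = decode_allowance_call(calldata_hex)
    if call is None or call["spender"] in trusted_spenders:
        return "ok"
    scope = "unlimited" if call["unlimited"] else str(call["amount"])
    return f"WARNING: {call['function']} lets {call['spender']} spend {scope} token units"


# Constructed sample (not the real transaction): increaseAllowance to a made-up
# spender address for 1000 * 10**18 token base units.
SAMPLE_SPENDER = "0x" + "ab" * 20
SAMPLE = "0x39509351" + "00" * 12 + "ab" * 20 + format(1000 * 10**18, "064x")
```

Calling review(SAMPLE, set()) returns a warning string, while passing a set that contains SAMPLE_SPENDER returns 'ok'.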
This phishing attack took place shortly after at least five Ethereum liquid staking providers, including Rocket Pool, StakeWise, Stader Labs, and Diva Staking, imposed or began working towards implementing a self-limit rule. This rule restricts these providers from owning more than 22% of the Ethereum staking market.
The incident serves as a reminder for cryptocurrency investors to exercise caution and remain vigilant against phishing attempts and scams. It emphasizes the importance of verifying the authenticity of transactions and ensuring the security of personal information and digital assets. As the crypto ecosystem continues to evolve, it is crucial for users to stay informed about potential risks and take appropriate measures to protect their investments.