Recent Crypto Hack “Crypto Whale Duped Out of $24M in ETH”
Sep 7, 2023 21:37 UTC
| Updated:
Sep 7, 2023 at 21:37 UTC
In a shocking turn of events, a cryptocurrency whale has been swindled out of a staggering $24 million due to a sophisticated phishing attack. The unfortunate incident took place on September 6, when the investor’s entire balance of Lido Staked ETH (stETH) and Rocket Pool ETH (rETH) was drained on the liquid staking platform, Rocket Pool.
The cryptocurrency security firm, PeckShield, shed light on the details of the attack. The malicious actor managed to siphon off 9,579 stETH and 4,851 rETH in just two swift transactions. At the time of the theft, the stolen assets were valued at $15.5 million and $8.5 million respectively.
Post-theft, the phisher was quick to convert the assets, swapping them for a total of 13,785 ETH and 1.64 million Dai (DAI). PeckShield’s investigations revealed that a significant chunk of the DAI was promptly transferred to the cryptocurrency exchange, FixedFloat.
MistTrack, a crypto tracking team from SlowMist, reported that the majority of the remaining stolen funds were funneled into three distinct addresses.
The root cause of this breach? According to Scam Sniffer, an anti-scam platform, the victim inadvertently granted token approvals to the scammer by signing “Increase Allowance” transactions. This feature, inherent to ERC-20 tokens, allows a third party to spend tokens belonging to another owner via smart contracts. This incident serves as a stark reminder of the potential risks associated with approving ERC-20 allowances, especially when dealing with anonymous developers who might deploy malicious smart contracts to deceive users.
In the wake of this incident, several Ethereum liquid staking providers, including Rocket Pool, StakeWise, Stader Labs, and Diva Staking, have either implemented or are in the process of implementing a self-limit rule. This rule ensures that they do not control more than 22% of the Ethereum staking market.
The crypto community is urged to exercise caution and remain vigilant against potential threats in this ever-evolving digital landscape. For related information.
Comments are closed.