Phishing Attack of Enormous Scale Results in Crypto Loss of $24 Million for Victim
A DeFi enthusiast fell victim to a phishing attack that drained their Ethereum address. The attacker stole $24 million worth of cryptocurrencies by luring the victim to a malicious website and tricking them into signing “increaseAllowance” transactions in their wallet. An allowance authorizes another address to spend tokens on the holder's behalf, so once those transactions were signed the attacker could move the tokens without any further action from the victim.
The stolen cryptocurrencies include $8.5 million worth of Rocket Pool ETH (rETH) and $15.6 million in Lido Staked ETH (stETH). These derivatives allow users to stake their ETH and earn rewards on the Ethereum network.
The exploit was exposed by Scam Sniffer, a blockchain security firm. They confirmed that the hacker had already begun transferring the stolen funds. Some of the money was sent to FixedFloat, an instant automatic cryptocurrency exchange that supports the Bitcoin Lightning Network. However, the majority of the funds remain in three separate addresses that are not connected to each other. These addresses have been linked to numerous crypto phishing sites, proving the scammer’s involvement.
Although the victim’s identity remains unknown, on-chain data analysis revealed that the address targeted by the scammer is actively involved in the decentralized finance (DeFi) ecosystem. It has provided liquidity worth $1.6 million on Uniswap V3 and has also utilized various DeFi platforms, including Aave, 1inch, and Curve.
This incident highlights the increasing prevalence of crypto phishing attacks. Phishing is a type of social engineering attack where the perpetrators pose as legitimate entities through electronic communication services to deceive victims into disclosing sensitive information.
In this particular case, the attacker employed fake emails and websites that imitated two popular DeFi protocols, Lido Finance and StakeWise.
This recent incident serves as a reminder of the ongoing threat posed by sophisticated phishing scams in the crypto industry. Just a short while ago, former users of FTX experienced a phishing attack on their emails, only a week after Kroll, the claims agent involved in FTX’s bankruptcy proceedings, suffered a cybersecurity breach that compromised the non-sensitive customer data of claimants in the ongoing bankruptcy case.
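The “increaseAllowance” transactions described above can be recognized from raw transaction data before anything is signed. The following sketch is an added example, not code from Scam Sniffer or any wallet; it decodes the calldata and reports allowance grants, and the function names, the trusted-spender list, the "unlimited" cutoff and the sample addresses are all assumptions made for illustration.

```python
# Added example: flag ERC-20 allowance grants in calldata before signing.
# Selectors are the first 4 bytes of keccak256(function signature).
ALLOWANCE_SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}
UNLIMITED = 2**255  # assumption: heuristic cutoff for "effectively unlimited"


def decode_allowance_call(calldata_hex):
    """Return (function, spender, amount) for an allowance grant, else None."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    name = ALLOWANCE_SELECTORS.get(data[:8])
    if name is None:
        return None
    args = data[8:]
    if len(args) < 128:
        raise ValueError("truncated calldata: expected two 32-byte arguments")
    spender_word, amount_word = args[:64], args[64:128]
    # An ABI-encoded address is left-padded with 12 zero bytes.
    if int(spender_word[:24], 16) != 0:
        raise ValueError("address argument has non-zero padding")
    return name, "0x" + spender_word[24:], int(amount_word, 16)


def review_before_signing(token, calldata_hex, trusted_spenders):
    """Return human-readable warnings for a pending transaction to `token`."""
    decoded = decode_allowance_call(calldata_hex)
    if decoded is None:
        return []
    name, spender, amount = decoded
    warnings = [f"{name} on {token}: {spender} may spend up to {amount} base units"]
    if spender not in {s.lower() for s in trusted_spenders}:
        warnings.append("spender is not on the trusted list")
    if amount >= UNLIMITED:
        warnings.append("amount is effectively unlimited")
    return warnings


# Constructed sample: placeholder addresses, not taken from the incident.
SAMPLE_TOKEN = "0x" + "aa" * 20
SAMPLE_SPENDER = "0x" + "11" * 20
SAMPLE_CALLDATA = "0x39509351" + "00" * 12 + "11" * 20 + "ff" * 32

if __name__ == "__main__":
    for line in review_before_signing(SAMPLE_TOKEN, SAMPLE_CALLDATA, []):
        print("WARNING:", line)
```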