A massive phishing attack has wiped out $24 million worth of crypto from an unsuspecting victim, according to a report by cybersecurity watchdog Scam Sniffer. The attack, which occurred overnight, targeted stETH and rETH tokens, which are Ethereum-based derivatives that allow users to stake their ETH and earn rewards.
— Scam Sniffer (@realScamSniffer) September 7, 2023
The assets that were stolen in the phishing attack were liquid staking derivatives. These included 4,851 Rocket Pool ETH (rETH) with a value of $8.5 million and 9,579 Lido Staked ETH (stETH) with a value of $15.6 million. This incident is one of the largest individual crypto phishing attacks to date.
The Attacker Used a Sophisticated Phishing Hack
The attacker managed to trick the victim into signing “increaseAllowance” transactions, which gave the scammer permission to move the victim’s tokens. The scammer used fake websites and emails that mimicked legitimate crypto platforms and services, such as Lido Finance and StakeWise, which offer staking solutions for ETH holders.
The stolen funds were quickly transferred to various addresses and platforms, making it difficult to track and recover them. Some of the funds were sent to FixedFloat, a crypto exchange service, while the majority remained in three separate addresses.
The crypto community has been following the movement of the funds closely, with tools like MistTrack providing real-time updates.
This incident highlights the risks and challenges of the crypto industry, which is still largely vulnerable to cyberattacks. Investors and traders are advised to exercise extreme caution when dealing with unfamiliar platforms or approving transactions.
They should also verify the authenticity of the websites and emails they receive, and avoid clicking on suspicious links or attachments. The phishing attack comes amid a surge in crypto scams, hacks, and rug pulls, which have resulted in hundreds of millions of dollars in losses for crypto users.
A report by Web3 security company Beosin reveals that the first half of 2023 saw a staggering $656 million in cryptocurrencies lost to malicious actors. The report also warns that the second half of the year could see more sophisticated and large-scale attacks, as scammers exploit the growing popularity and innovation of the crypto space.