Know about the phishing attack that stole $24 million worth of ETH from Crypto Whale’s wallet
A cryptocurrency whale was the target of a massive phishing attack, which resulted in the loss of millions of dollars worth of staked Ether on the liquid staking platform Rocket Pool. On September 6, according to the cryptocurrency security company PeckShield, the investor lost all of their Lido Staked ETH (stETH) and Rocket Pool ETH (rETH) address balances.
Only two transactions were required to accomplish the hack, with 9,579 stETH and 4,851 rETH taken in each. At the time of the incident, the stolen funds were valued at $24 million in total $8.5 million in rETH, and $15.5 million in stETH.
PeckShield claims that the phisher later exchanged the assets for 13,785 ETH and 1.64 million Dai. According to PeckShield, a sizable chunk of the DAI hoard has already been put into the completely automatic cryptocurrency exchange FixedFloat.
MistTrack, SlowMist’s cryptocurrency tracking team, revealed that the majority of the remaining stolen cash was sent to three addresses.
The victim facilitated token approvals to the con artist by signing “Increase Allowance” transactions, claims anti-scam source Scam Sniffer.
ERC-20 tokens have an attribute called allowance or access rights that, when used with smart contracts, give a third party the authority to spend some tokens that belong to a separate owner. Since anonymous developers might employ fraudulent smart contracts to defraud consumers, some cryptocurrency analysts have cautioned against the risks connected with approving ERC-20 permits.
The news comes shortly after Rocket Pool, StakeWise, Stader Labs, and Diva Staking, at least five Ethereum liquid staking providers, implemented or started trying to impose a self-limit regulation in which they commit not to possess more than 22% of the Ethereum staking market.